http://www.darkreading.com/smb-security/security/attacks/showArticle.jhtml?articleID=227900050

By Kelly Jackson Higgins
DarkReading
Oct 15, 2010

A widespread spam campaign that began several days ago started spiking today, Oct. 15 -- quarterly tax payment deadline day in the U.S.: The Zeus-laden attack poses as an alert from the government's electronic tax payment system, telling recipients that their payment was rejected and sending them to a link that both infects them and redirects them to the legitimate electronic federal tax payment system website, eftps.gov.

Researchers at Solera Networks say they first discovered the Zeus tie-in with the spam run -- which features high volumes of spam emails with subject lines such as, "LAST NOTICE: Your Federal Tax Payment has been rejected in the system" -- during the past 24 hours after they had been investigating a zero-day attack at one of their customer's sites. They say they were struck both by the volume of the spam run and the layered method of the attack.

"Late last night we were able to put the pieces of information together that showed this was very interesting," says Peter Schlampp, vice president of marketing and product management for Solera Networks. "The call to action on this campaign is to click on the link, which says eftps.gov, but in the background is a different URL. It has several redirects and attempts to exploit your system. If successful, it gets you to the eftps.gov website, and with a keylogger installed all the information you [input there] gets sent to [the attacker] as well as the system, and you become part of the botnet."

The attack uses Zeus Version 2, according to Solera, and is one of the biggest spam campaigns Solera has ever seen.

[...]
Received on Sun Oct 17 2010 - 22:36:20 PDT