Tuesday, October 20, 2009
"The massive Zbot botnet that spreads the treacherous Zeus banking Trojan has been launching a wave of relatively convincing phishing attacks during the past few days -- the most recent of which is a phony warning of a mass Conficker infection from Microsoft that comes with a free "cleanup tool."
"The wave of attacks began early last week targeting corporations in the form of email messages that alerted victims of a `system upgrade.` Email is accompanied by poisoned attachments and links; in some cases it poses as a message from victims' IT departments, including their actual email domains, and alerts them about a "security upgrade" to their email accounts. The message then refers victims to a link to reset their mailbox accounts, and the link takes them to a site that looks a lot like an Outlook Web Access (OWA) page, but instead infects them with the Zeus Trojan.
"Today, researchers at F-Secure spotted the botnet spamming out malware-laden email that tries to trick recipients with a convincing lure messages that says, `On October 22, 2009 server upgrade will take place.`
"`What we're seeing is an evolving campaign of different lures to see which one works,` says Richard Wang, manager of Sophos Labs in the U.S.
"The Zbot botnet, which is made up of 3.6 million PCs in the U.S., or 1 percent of all PCs in the country, according to data from Damballa, spreads the deadly Zeus Trojan. Zeus, which steals users' online financial credentials, represents 44 percent of all financial malware infections today, according to Trusteer."