Results 1 to 10 of 694

Thread: SPAM frauds, fakes, and other MALWARE deliveries - archive

Threaded View

Previous Post Previous Post   Next Post Next Post
  1. 2010-02-08, 20:49 #10
    AplusWebMaster
    AplusWebMaster is offline
    Adviser Team AplusWebMaster's Avatar
    Join Date
    Oct 2005
    Location
    USA
    Posts
    6,881

    Thumbs down Zeus campaign targeting gov't dept's...

    FYI...

    Zeus Campaign Targeted Government Departments
    - http://securitylabs.websense.com/con...?cmpid=slalert
    02.08.2010 - "Websense... has discovered a new Zeus campaign (a banking data stealing Trojan) which is now targeting government departments. Our research shows that the campaign has especially targeted workers from government and military departments in the UK and US: we found most victims' email addresses end with .gov... thousands of emails which pretend to be from the National Intelligence Council. The email subjects include:
    "National Intelligence Council"
    "RE: National Intelligence Council"
    "Report of the National Intelligence Council"
    The spoofed emails lure victims to download a document about the "2020 project"; this is actually a Zeus bot. The Web sites which host the bot look very trustworthy: one of them is a compromised organization Web site and the other is located on a popular file hosting service. The bot has rootkit capabilities and connects to C&C servers at update*snip* .com and pack*snip* .com to report back on a successful infection and to download some archives with DLLs, it also modifies the hosts file to prevent updates from popular anti-virus vendors... the anti-virus detection rate for this bot is currently at 26/40*."
    * http://www.virustotal.com/analisis/8...4c4-1265615954
    File 2020.exe_ received on 2010.02.08 07:59:14 (UTC)
    Result: 26/40 (65.00%)
    (Screenshots available at the Websense URL above.)

    - http://www.krebsonsecurity.com/2010/...s-gov-and-mil/
    February 6, 2010 - "... The scam e-mails may seem legitimate because the name of the booby-trapped file mimics a legitimate 2020 Project report*** published by the NIC, which has a stated goal of providing US policymakers “with a view of how the world developments could evolve, identifying opportunities and potentially negative developments that might warrant policy action.” Only 16 of the 39 anti-virus scanners used by Virustotal.com detect the file** as malicious, and those that do mostly label it as a variant of the Zeus/Zbot Trojan..."
    ** http://www.virustotal.com/analisis/3...610-1265331501
    File 2020.zip.txt received on 2010.02.05 00:58:21 (UTC)
    Result: 16/39 (41.03%)
    *** http://www.dni.gov/nic/NIC_2020_project.html

    - http://www.threatexpert.com/report.a...ecd4ba7054e138
    7 February 2010

    - http://www.m86security.com/labs/i/In...race.1233~.asp
    February 7, 2010 M86 Security - "... another Zeus campaign that we observed last week..."

    Last edited by AplusWebMaster; 2010-02-09 at 13:27.
    The machine has no brain.
    ......... Use your own.
    Browser check for updates here.
    YOU need to defend against -all- vulnerabilities.
    Hacks only need to find -1- to get in...
    .
« Previous Thread | Next Thread »

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •  

Forum Rules