FYI...
Pictures Ruse Used to SPAM Zeus/Zbot
- http://blog.trendmicro.com/spam-with...o-spread-zbot/
Mar. 24, 2010 - "... fresh wave of spammed messages that were used to spread another ZBOT variant of the infamous ZeuS botnet. These messages warned users that a “jerk” posted photos of them and contained a link to the said images... the spammed messages appear to be from innocent users that the recipients presumably knew. In addition, they were also signed or at least had the sender’s name at the end of the message. In the sample above, the sender’s name has been blurred to protect his/her identity. Combined, this may lead users to believe the message is legitimate. However, the link does not go to any legitimate social-networking or photo-hosting site. Users were instead prompted to download a “photo archive”. In addition, the download page also contains a malicious iframe, which leads to a website that previously hosted the Phoenix Exploit’s Kit, which was designed to take advantage of vulnerabilities in several popular applications like Adobe Flash, Internet Explorer (IE), Microsoft Office, and Mozilla Firefox..."
(Screenshots available at the URL above.)
- http://threatinfo.trendmicro.com/vin...30210-ZBOT.xml
- http://ddanchev.blogspot.com/2010/03...-exploits.html
March 24, 2010 - "... Updates will be posted as soon as new developments emerge. Consider going through the 'related posts', to catch up with the gang's activities for Q1, 2010..." ("Related posts" listed there)