If followed, the link takes the potential victim to a page where he or
she is offered what appears to be a screensaver for download.
Unfortunately, it is not a JPG file, but an executable (b.exe). Once
run, it drops a cocktail of malicious files onto the system, including
ZeuS, a popular Trojan spyware capable of stealing user information from
infected systems. The worm is also found to have anti-VM capabilities,
making it useless to execute and test in a virtual environment, such as
Oracle VM VirtualBox and VMware.

Zeus is a common tool in the arsenal of many attackers these days, and
is used in a wide variety of attacks and campaigns. It used to be
somewhat less common, but the appearance of cracked versions of the Zeus
code has made it easier for lower-level attackers to get their hands on
the malware. Zeus has a range of capabilities, and specializes in
stealing sensitive user data, such as banking credentials, from infected
machines.

"The worm carries a cocktail of malware onto your machine, including a
Zbot/ZeuS variant which is a serious threat and stealing sensitive
information from the infected machine," warn the researchers.

The worm is hosted on a variety of domains, so the link in the malicious
message may vary. Other servers are used to collect the data sent by the
aforementioned malware and to serve additional malicious software.

It is very rare for this type of thing to be sent to your email without
you requesting it, so I would advise anyone who thinks they may have
seen an email like this to delete it and mark it as spam right away.