New Zbot malware campaign discovered by researchers

June 18, 2014 – 4:44 PM

A new malware campaign spreading the Zeus trojan via phishing messages was discovered by researchers early Wednesday.

AppRiver, an email messaging and web security solutions firm, said on Wednesday that it had quarantined 400,000 messages so far, a number that had jumped from 40,000 earlier in the day.

The malicious emails claim to be daily customer statements from “Berkeley Futures Limited,” a real company being imitated by miscreants, according to a blog post by Jonathan French, security analyst at AppRiver.

Each message includes a password-protected, encrypted ZIP file. The encryption helps the attachment get past anti-virus detection, and may also lead users into thinking the message is secure.

However, the password is included in the body of the email, something that Fred Touchette, senior security analyst at AppRiver, believes should serve as a warning to recipients.

“It’s a huge red flag if they include the password in the email, so they’re taking a real chance,” Touchette said Wednesday. “It must be working enough for them that they keep trying it.”

There are two files contained within the attachment, a phony spreadsheet in the form of an SCR file and a PDF file of a fake invoice. Although the attachment in the email had a ZIP extension, it’s actually a RAR file.
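The two warning signs described above, an attachment whose content does not match its extension and an archive password sent in the same message, can be checked at a mail gateway. The following is an added example, not code from AppRiver or from the original article; the file name, message body, password and finding labels are constructed for illustration.

```python
import re

# Well-known leading "magic" bytes for common attachment types.
MAGIC = [
    (b"PK\x03\x04", "zip"),
    (b"PK\x05\x06", "zip"),              # empty ZIP archive
    (b"Rar!\x1a\x07\x01\x00", "rar"),    # RAR 5.x
    (b"Rar!\x1a\x07\x00", "rar"),        # RAR 1.5 to 4.x
    (b"7z\xbc\xaf\x27\x1c", "7z"),
    (b"%PDF-", "pdf"),
    (b"MZ", "exe"),                      # Windows executable (includes .scr)
]
# File extension -> type the content is expected to be.
EXT_TYPE = {"zip": "zip", "rar": "rar", "7z": "7z", "pdf": "pdf",
            "exe": "exe", "scr": "exe", "com": "exe"}
ARCHIVES = {"zip", "rar", "7z"}
# Heuristic: the word "password" followed by a separator and a value.
PASSWORD_HINT = re.compile(r"\b(?:password|passcode)\b\s*(?:is|:|=)\s*\S+", re.I)

def sniff(data):
    """Return the content type indicated by the leading bytes."""
    for magic, kind in MAGIC:
        if data.startswith(magic):
            return kind
    return "unknown"

def triage(filename, data, body):
    """Return findings for one attachment and its message body."""
    findings = []
    ext = filename.rsplit(".", 1)[-1].lower() if "." in filename else ""
    claimed = EXT_TYPE.get(ext, "unknown")
    actual = sniff(data)
    if actual != "unknown" and claimed != actual:
        findings.append(f"type-mismatch: named .{ext}, content is {actual}")
    if actual in ARCHIVES and PASSWORD_HINT.search(body):
        findings.append("archive-password-in-body")
    return findings

# Constructed sample: RAR 4.x signature plus padding, named as a ZIP.
SAMPLE_ATTACHMENT = b"Rar!\x1a\x07\x00" + b"\x00" * 16
SAMPLE_BODY = "Your daily statement is attached. Archive password: 7391"

if __name__ == "__main__":
    for finding in triage("statement.zip", SAMPLE_ATTACHMENT, SAMPLE_BODY):
        print(finding)
```

The password pattern is a heuristic and will also match some legitimate messages, so it is better used to raise a score than to block on its own.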

