Access member only content, take part in discussions with comments on blogs, news and reviews and receive all the latest security industry news directly to your inbox. Join now for free.
A confirmation email has been sent to your email address - SUPPLIED EMAIL HERE. Please click on the link in the email to verify your email address. You need to verify your email before you can start posting.
If you do not receive your confirmation email within the next few minutes, it may be because the email has been captured by a junk mail filter. Please ensure you add the domain @scmagazine.com.au to your white-listed senders.
Warnings have been made of a new wave of malicious email messages that carry a Zeus payload.According to Websense Security Labs, the campaign is related to pharmaceutical spam messages, except that it combines an HTML or ZIP attachment with a social engineering technique. Detection found that in the case of an HTML attachment, criminals are using an obfuscated JavaScript and content is encrypted with a commercially available HTML obfuscation tool.Websense said that when viewing the deobfuscated content, it saw that the script uses a meta refresh tag to redirect a user who views the attachment. The script checks which browser is used and only performs the redirection if Firefox, Chrome or Safari is used. A user who is using one of the affected browsers will get redirected to a pharmaceutical site.The 'label.zip' file contains 'label.exe', which is a copy of Zeus. The malware copies itself to 'C:\Documents and Settings\user\Application Data\Ewca\refef.exe' and tries to access two sites located in the .ru zone.Carl Leonard, senior manager of Websense Security Labs, said: “This is a great example of a blended threat that covers all attack angles – web, email and file-based, and steals your data to boot. In this campaign, a mail recipient may get a message to say US$375 has been sent to their account, and include a link to view the transaction. So far, we have seen more than 100,000 email messages like this, and counting.”The announcement came as BitDefender released its Zbot/Zeus removal tool. The Zbot Removal Tool can be downloaded from the Removal Tools section of www.malwarecity.com, a BitDefender initiative for the software security community and a free resource for those interested in their online security.Catalin Cosoi, head of the BitDefender online threats lab, said: “The removal tool checks users' computers, detects and eliminates most of the Zbot variants spotted in the wild and it is available for download free of charge.“As Zbot is one of the most prolific breeds of malware and new variants appear everyday, we strongly suggest that computer users regularly return to our removal tool page on malwarecity.com for additional updates of the Zbot Removal Tool."See original article on scmagazineus.com
To begin commenting right away, you can log in below or register an account if you don't yet have one. Please read our guidelines on commenting. Offending posts will be removed and your access may be suspended. Abusive or obscene language will not be tolerated. The comments below do not necessarily reflect the views or opinions of SC Magazine, Haymarket Media or its employees.