[LINK] Nice little Conflicker spreader email.
stephen at melbpc.org.au
Tue Oct 20 15:40:10 AEDT 2009
According to this article, the email is spreading the Zeus banking trojan
which certainly sounds like it may be even worse than the Conficker virus.
> On Tue, Oct 20, 2009 at 10:26:38AM +1100, Rick Welykochy wrote:
> > My guess is that the email is from crooks and is a well crafted
> > attempt to install Conficker on your (Windows) system.
> As you say - well crafted and from crooks. Here's the headers from a
> copy I got...
Botnet Unleashes Variety Of New Phishing Attacks
Attackers use phony messages of Microsoft Conficker 'cleanup tool' to
October 19th, 2009 | 05:31 PM
By Kelly Jackson Higgins www.darkreading.com/security/vulnerabilities
The massive Zbot botnet that spreads the treacherous Zeus banking Trojan
has been launching a wave of relatively convincing phishing attacks
during the past few days -- the most recent of which is a phony warning
of a mass Conficker infection from Microsoft that comes with a
free "cleanup tool."
The wave of attacks began early last week targeting corporations in the
form of email messages that alerted victims of a "system upgrade."
The Zbot botnet, which is made up of 3.6 million computers in the U.S.,
or 1 percent of all PCs in the country, according to data from Damballa,
spreads the deadly Zeus Trojan.
Zeus, which steals users' online financial credentials, represents 44
percent of all financial malware infections today, according to Trusteer.
Zeus traditionally has been one of the more difficult malware variants
for some antivirus programs to detect: According to recent data from
Trusteer, Zeus is detected only 23 percent of the time by up-to-date
antivirus applications. It's also hard to kill because it hides itself so
well in the operating system.
> Return-Path: <barneyrm at rothmanandtobin.com>
> Received: from unknown (HELO CUMHPKZ) (18.104.22.168)
> by ... with SMTP; 19 Oct 2009 13:56:29 -0000
> Received: from 22.214.171.124 by sbserver.rothmanandtobin.com;
> Mon, 19 Oct 2009 16:56:22 +0200
> Message-ID: <000d01ca50c3$f1402c80$6400a8c0 at barneyrm>
> From: "Microsoft Windows Agent" <...>
> To: ...
> Subject: Conflicker.B Infection Alert
> Date: Mon, 19 Oct 2009 16:56:22 +0200
> MIME-Version: 1.0
> Content-Type: multipart/mixed;
> X-Priority: 3
> X-MSMail-Priority: Normal
> X-Mailer: Microsoft Outlook Express 6.00.2900.2180
> X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2900.2180
> Mine was intercepted by amavis.
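The oddities visible in the quoted headers (a "Microsoft" display name on mail whose envelope sender is an unrelated domain, a connecting client with no hostname and a bare HELO name, and a multipart/mixed body) can be checked mechanically at the mail gateway. This is an added example, not part of the original thread: the sample message is constructed to mirror the quoted headers, with placeholder addresses and a documentation-range IP, and the `BRAND_DOMAINS` map and the finding names are assumptions.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Assumption: brand keyword -> domains that may legitimately send under it.
BRAND_DOMAINS = {"microsoft": ("microsoft.com",)}

# Constructed sample shaped like the headers quoted in the thread; addresses,
# hostnames and the IP are placeholders, not values from the page.
SAMPLE = """\
Return-Path: <someone@unrelated-firm.example>
Received: from unknown (HELO CUMHPKZ) (192.0.2.10)
 by mx.example.invalid with SMTP; 19 Oct 2009 13:56:29 -0000
From: "Microsoft Windows Agent" <placeholder@example.invalid>
Subject: Conflicker.B Infection Alert
Content-Type: multipart/mixed; boundary="x"
X-Mailer: Microsoft Outlook Express 6.00.2900.2180

"""

def triage(raw):
    """Return a list of finding codes for one raw RFC 5322 message."""
    msg = message_from_string(raw)
    findings = []
    # 1. Display name claims a brand, envelope sender is some other domain.
    display, _ = parseaddr(msg.get("From", ""))
    _, env_sender = parseaddr(msg.get("Return-Path", ""))
    env_domain = env_sender.rpartition("@")[2].lower()
    for brand, domains in BRAND_DOMAINS.items():
        ok = any(env_domain == d or env_domain.endswith("." + d) for d in domains)
        if brand in display.lower() and not ok:
            findings.append("brand-display-name-mismatch")
    # 2. Topmost Received line is the one added by the receiving MTA, so it
    #    is the only hop the recipient can trust. Unfold it before matching.
    received = " ".join((msg.get_all("Received") or [""])[0].split())
    if received.startswith("from unknown"):
        findings.append("no-client-hostname")
    helo = re.search(r"\(HELO ([^)\s]+)\)", received)
    if helo and "." not in helo.group(1):
        findings.append("helo-not-fqdn")
    # 3. An attachment-capable body only matters once something else is off.
    if msg.get_content_type() == "multipart/mixed" and findings:
        findings.append("attachment-on-suspect-mail")
    return findings

if __name__ == "__main__":
    print(triage(SAMPLE))
```

None of these findings is conclusive alone; together they are a reasonable basis for quarantining the message for review.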