[LINK] Nice little Conflicker spreader email.

stephen at melbpc.org.au
Tue Oct 20 15:40:10 AEDT 2009

According to this article, the email is spreading the Zeus banking trojan
which certainly sounds like it may be even worse than the Conficker virus.

Chris writes,

> On Tue, Oct 20, 2009 at 10:26:38AM +1100, Rick Welykochy wrote:

> > My guess is that the email is from crooks and is a well crafted
> > attempt to install Conficker on your (Windows) system.
> As you say - well crafted and from crooks.  Here's the headers from a
> copy I got...

Botnet Unleashes Variety Of New Phishing Attacks 

Attackers use phony messages of Microsoft Conficker 'cleanup tool' to 
spread malware 

October 19th, 2009 | 05:31 PM

By Kelly Jackson Higgins  www.darkreading.com/security/vulnerabilities

The massive Zbot botnet that spreads the treacherous Zeus banking Trojan 
has been launching a wave of relatively convincing phishing attacks 
during the past few days -- the most recent of which is a phony warning 
of a mass Conficker infection from Microsoft that comes with a 
free "cleanup tool." 

The wave of attacks began early last week targeting corporations in the 
form of email messages that alerted victims of a "system upgrade." 

The Zbot botnet, which is made up of 3.6 million computers in the U.S., 
or 1 percent of all PCs in the country, according to data from Damballa, 
spreads the deadly Zeus Trojan. 

Zeus, which steals users' online financial credentials, represents 44 
percent of all financial malware infections today, according to Trusteer. 

Zeus traditionally has been one of the more difficult malware variants 
for some antivirus programs to detect: According to recent data from 
Trusteer, Zeus is detected only 23 percent of the time by up-to-date 
antivirus applications. It's also hard to kill because it hides itself so 
well in the operating system. 

>   Return-Path: <barneyrm at rothmanandtobin.com>
>   Received: from unknown (HELO CUMHPKZ) (
> 	  by ... with SMTP; 19 Oct 2009 13:56:29 -0000
>   Received: from by sbserver.rothmanandtobin.com;
> 	  Mon, 19 Oct 2009 16:56:22 +0200
>   Message-ID: <000d01ca50c3$f1402c80$6400a8c0 at barneyrm>
>   From: "Microsoft Windows Agent" <...>
>   To: ...
>   Subject: Conflicker.B Infection Alert
>   Date: Mon, 19 Oct 2009 16:56:22 +0200
>   MIME-Version: 1.0
>   Content-Type: multipart/mixed;
> 	  boundary="----=_NextPart_000_0006_01CA50C3.F1402C80"
>   X-Priority: 3
>   X-MSMail-Priority: Normal
>   X-Mailer: Microsoft Outlook Express 6.00.2900.2180
>   X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2900.2180
> Mine was intercepted by amavis.
> Chris
