Tweet

Trend Micro threat analysts were alerted to the discovery of another ZBOT spam campaign. The emails bear subjects such as “your photos” and “some jerk has posted your photos.” They inform the recipients that someone has posted their photos without their permission on a site and has sent the link to their friends. The recipient is intended to beleive that the “sender” is acting as a “good samaritan,” emailing the one who supposedly posted the said pictures.The URL, of course, points to a website that distributes a malware detected by Trend Micro as TSPY_ZBOT.CJA.

When executed TSPY_ZBOT.CJA connects to several websites to download another malicious file detected as TROJ_DROPR.KB. The spyware also has rootkit capabilities that enable it to hide its processes. ZBOT/ZeuS is one of the most notorious botnets with regard to identity, financial, and information theft.

Users are strongly advised not to open emails from unknown sources. Trend Micro protects users from this attack via the Smart Protection Network, which blocks the spammed messages and prevents the download of the related malicious files.