
    A slightly modified Zbot spam campaign currently making the rounds pretends to come from the IT support of various companies. It informs users that a security update in the mailing service caused changes in their mailbox settings. They are instructed to open the ZIP attachment and run the .EXE file, INSTALL.EXE, to supposedly apply the changes. Trend Micro detects this as TROJ_FAKEREAN.CF.

    When executed, this Trojan accesses http://{BLOCKED}nerkadosa.com/xIw1yPD0q5Gb8t0br4x6k5sk to download another malicious file detected as TROJ_FAKEREAN.BI.


    Spammers usually employ random email addresses in the FROM and TO header fields, but in this case the actual company domain is used in the email addresses in both fields. This is done to make the email message more credible and convincingly appear to come from inside the company, thus luring unknowing users into executing the malware.
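A mail-gateway triage check for the pattern described above, as an added example (not Trend Micro's code): it flags messages whose From and To headers share a domain and whose ZIP attachment contains an executable. The extension list, the function names and the example.com sample message are assumptions constructed for illustration.

```python
import io
import zipfile
from email import message_from_bytes, policy
from email.message import EmailMessage
from email.utils import getaddresses

EXECUTABLE_EXTS = (".exe", ".scr", ".com", ".pif")  # assumed list, extend as needed

def domains(msg, header):
    """Lower-cased domains of every address in one header."""
    addrs = getaddresses(msg.get_all(header, []))
    return {a.rsplit("@", 1)[1].lower() for _, a in addrs if "@" in a}

def zipped_executables(msg):
    """Names of executable files found inside ZIP attachments."""
    hits = []
    for part in msg.iter_attachments():
        if not (part.get_filename() or "").lower().endswith(".zip"):
            continue
        try:
            with zipfile.ZipFile(io.BytesIO(part.get_content())) as zf:
                hits += [n for n in zf.namelist() if n.lower().endswith(EXECUTABLE_EXTS)]
        except zipfile.BadZipFile:
            hits.append(part.get_filename() + " (unreadable ZIP)")
    return hits

def triage(raw_bytes):
    """Return (same_domain, executables) for one inbound message."""
    msg = message_from_bytes(raw_bytes, policy=policy.default)
    same_domain = bool(domains(msg, "From") & domains(msg, "To"))
    return same_domain, zipped_executables(msg)

def build_sample():
    """Constructed sample: internal-looking sender, ZIP holding INSTALL.EXE."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("INSTALL.EXE", b"MZ-constructed-placeholder")
    msg = EmailMessage()
    msg["From"] = "IT Support <support@example.com>"
    msg["To"] = "user@example.com"
    msg.set_content("Constructed sample body.")
    msg.add_attachment(buf.getvalue(), maintype="application",
                       subtype="zip", filename="update.zip")
    return msg.as_bytes()

if __name__ == "__main__":
    print(triage(build_sample()))
```

A message that arrives from outside yet matches both conditions is a candidate for quarantine and a check with the real IT support team.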

    This attack is a follow-up to the phishing email we blogged about earlier this week. That email purports to be a notification from the company’s “system administrator” telling the user to update their system because of a server upgrade. Accordingly, the subdomains are tailor-made to make it look more legitimate.

    Users are encouraged not to open suspicious-looking emails even if they supposedly come from a trusted source. Users who receive such emails should first contact their IT or tech support to verify whether a security update has indeed occurred. Trend Micro protects users from this attack with its Trend Micro Smart Protection Network, which blocks and detects the said malicious file.









    • mark heyes

      I believe two people, a man and a woman, have been arrested in Manchester for this trojan. Congrats to the police.



     

    © Copyright 2013 Trend Micro Inc. All rights reserved. Legal Notice