    6:36 am (UTC-7)   |    by

    ZBOT has been spotted in yet another spam run targeting Facebook.

    By clicking the link embedded in the email, users will land on a Facebook phishing page.

    This time, however, the phishing page contains an iframe that points to a Web exploit toolkit. This exploit toolkit can deliver a variety of exploits, depending upon the user’s browser and OS.
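The two traits described above, a credential form and an iframe that loads from another host, can be checked together when triaging a saved copy of a suspected page. The following is an added example, not code from the original post; the function names, hosts and sample HTML are constructed for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urljoin, urlparse


class _PageScan(HTMLParser):
    """Collects iframe targets and notes whether the page asks for a password."""
    def __init__(self):
        super().__init__()
        self.iframe_srcs = []
        self.has_password_field = False

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        if tag == "iframe" and a.get("src"):
            self.iframe_srcs.append(a["src"])
        elif tag == "input" and (a.get("type") or "").lower() == "password":
            self.has_password_field = True


def suspicious_iframes(page_url, html):
    """Return iframe URLs on a credential page that load from a different host."""
    scan = _PageScan()
    scan.feed(html)
    if not scan.has_password_field:
        return []
    page_host = urlparse(page_url).hostname
    hits = []
    for src in scan.iframe_srcs:
        target = urljoin(page_url, src)  # resolves relative and scheme-less URLs
        host = urlparse(target).hostname
        if host and host != page_host:
            hits.append(target)
    return hits


# Constructed sample: a login form plus one cross-host and one same-host iframe.
SAMPLE = """
<html><body>
<form action="/login.php" method="post">
  <input type="text" name="email"><input type="password" name="pass">
</form>
<iframe src="http://toolkit.example.net/index.php" width="1" height="1"></iframe>
<iframe src="/static/banner.html"></iframe>
</body></html>
"""

if __name__ == "__main__":
    for url in suspicious_iframes("http://login.example.com/update", SAMPLE):
        print("cross-host iframe on credential page:", url)
```

A hit is a triage lead rather than a verdict, since legitimate login pages can also embed third-party frames.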

    For users of Firefox, the toolkit will push a .PDF file (detected by Trend Micro as TROJ_PIDIEF.PAL) to exploit a known vulnerability in Collab.getIcon. If the user is not infected via the exploit toolkit, ZBOT is still left with the social engineering aspect. After a user enters credentials into the phishing page, the user is led to a download page of updatetool.exe or the ZBOT binary (detected as TSPY_ZBOT.CCB).

    Trend Micro Smart Protection Network blocks all related spammed messages and ZBOT domains and prevents the download of all related files.



    © Copyright 2013 Trend Micro Inc. All rights reserved. Legal Notice