
    Spammers are becoming bolder, targeting even government agencies such as the National Intelligence Council (NIC) to further their malicious causes.

    Trend Micro fraud analysts were recently alerted to the discovery of spammed messages that purported to come from the NIC—the Intelligence Community (IC)’s center for midterm and long-term strategic thinking. The NIC provides intelligence reports to members of the IC, including the National Security Agency (NSA).

    Independent security journalist Brian Krebs confirmed in his blog that these messages were spoofed, for several obvious reasons, including:

    • The email address used in the spammed messages was nic@nsa.gov.
    • Another version purported to come from admin@intelink.gov. Extracting the header information, however, revealed that the real sender’s email address was {BLOCKED}@sh16.ruskyhost.ru.
    • The spam run also specifically targeted email addresses with .gov and .mil domain names.

    The spammed messages persuaded recipients to download the .EXE file attachment, a spoofed version of the NIC’s “2020 Project.” In reality, however, the file is a ZBOT variant detected as TROJ_ZBOT.SVR.
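    The header check described above, combined with a check for an executable attachment, as an added example that is not part of the original post. The message is constructed: `redacted` stands in for the blocked local part, and `agency.example` and the attachment file name are assumptions.

```python
from email import message_from_string, policy
from email.utils import parseaddr

# Constructed sample message, not a captured original. "redacted" replaces the
# {BLOCKED} local part; agency.example and the file name are assumptions.
SAMPLE = """\
Return-Path: <redacted@sh16.ruskyhost.ru>
From: "National Intelligence Council" <admin@intelink.gov>
To: analyst@agency.example
Subject: 2020 Project
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="b1"

--b1
Content-Type: text/plain

Please review the attached report.
--b1
Content-Type: application/octet-stream; name="2020_project.exe"
Content-Disposition: attachment; filename="2020_project.exe"
Content-Transfer-Encoding: base64

TVqQAAMAAAAEAAAA
--b1--
"""

RISKY_EXT = (".exe", ".scr", ".pif", ".com")

def domain(addr):
    """Return the lower-cased domain of an address header, or '' if absent."""
    return parseaddr(addr or "")[1].rpartition("@")[2].lower()

def triage(raw):
    """Flag a From/envelope domain mismatch and executable attachments."""
    msg = message_from_string(raw, policy=policy.default)
    findings = []
    from_dom, env_dom = domain(msg["From"]), domain(msg["Return-Path"])
    if env_dom and env_dom != from_dom:
        findings.append(f"sender-mismatch: From={from_dom} envelope={env_dom}")
    for part in msg.iter_attachments():
        name = (part.get_filename() or "").lower()
        data = part.get_payload(decode=True) or b""
        # Check the PE "MZ" magic as well, since a file name can be changed.
        if name.endswith(RISKY_EXT) or data[:2] == b"MZ":
            findings.append(f"executable-attachment: {name}")
    return findings
```

    A domain mismatch alone also occurs with legitimate mailing lists and bulk-mail providers, so treat it as a triage signal to weigh alongside the attachment finding.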

    Like its well-known predecessors, this ZBOT variant is also an information stealer, as evidenced by the following published reports:

    Trend Micro product users need not worry, however, as Smart Protection Network™ protects them from this threat by preventing the spammed messages from even getting into their inboxes via the email reputation service and by detecting and blocking the download of the malicious .EXE file via the file reputation service.

    Non-Trend Micro product users can also stay protected via HouseCall, a free tool that identifies and removes all kinds of viruses, Trojans, worms, unwanted browser plug-ins, and other malware from affected systems.




