We recently saw some articles on the Web saying that Slim Shady aka Eminem died in a car crash. Today, we received a spammed message that still claims the rumor is true. The email pretends to be from CBS News informing the recipient of the news about Eminem’s alleged car crash. It also asks if the user wants to see more information about it. A link is provided in the email to show the user the supposed video. Instead of the video, however, the link redirects to a site that downloads an executable file.
Below are screenshots related to this attack.
The .EXE file, of course, turns out to be malicious. It is another member of the infamous and persistent ZBOT family of infostealers, which is detected as TROJ_ZBOT.HBI. The activities of ZBOT malware and the related ZeuS botnet were discussed in a Trend Micro white paper earlier this year. It’s not the first time that spam has been used to spread ZBOT either, as in March this year, two spam campaigns did so. The first campaign used fake notices from the Internal Revenue Service (IRS) while the second used allegedly posted photos.
Trend Micro product users are already protected from this threat via the Smart Protection Network, which blocks the spammed message, the download URL, and the malicious file.