Fake e-mail delivery messages contain Trojan

BitDefender UK : 28 August, 2008  (Technical Article)
Spam uses a well-known trademark to feign authenticity and con readers into downloading malware onto their computers
BitDefender researchers have identified a large new spam wave that abuses the name of a well-known delivery company to deceive users into downloading extremely dangerous malware.

Beware of a malicious payload that is being distributed using an e-mail spam falsely presented as from FedEx. The message claims that the company was not able to deliver a postal package sent one month ago. Recipients are then invited to download and print an attached invoice in order to retrieve the package.

However, the attached archive does not hold the alleged invoice, but an extremely dangerous piece of malware, known as Trojan.Spy.ZBot or one of its many variants, such as Trojan.Spy.Wsnpoem.HA.

This malware was specially engineered to steal sensitive e-banking data. Once it penetrates a system, it installs itself in the Windows\System32 directory, where it creates the rootkit-hidden wsnpoem folder and populates it with the encrypted ntos.exe, audio.dll and video.dll files (in effect, the two so-called "DLLs" are used for configuration and storage purposes). It also creates a registry entry that launches it automatically each time Windows starts up. To harvest the sensitive e-banking details, it injects code into the winlogon.exe and iexplorer.exe processes and downloads one or several files from a remote server. It uses these files to store the data it gathers by monitoring Web browser activity.
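The on-disk artifacts named above can be checked for on a suspect disk. Because the folder is rootkit-hidden, a listing taken on the running system may not show it, so this added example (not BitDefender's code) inspects a volume mounted read-only on a separate analysis machine; the mount path and the `Windows` directory name are assumptions.

```python
import sys
from pathlib import Path

# Artifact names taken from the article text.
FOLDER = "wsnpoem"
FILES = {"ntos.exe", "audio.dll", "video.dll"}


def _child_ci(parent, name):
    """Return the entry in `parent` matching `name` case-insensitively, or None.

    NTFS names are case-insensitive, but the analysis host's mount may not be.
    """
    try:
        for entry in Path(parent).iterdir():
            if entry.name.lower() == name.lower():
                return entry
    except (FileNotFoundError, NotADirectoryError, PermissionError):
        pass
    return None


def scan_volume(root):
    """Look for <root>/Windows/System32/wsnpoem on an offline-mounted volume.

    Returns the folder path (or None), the article-named files found in it,
    and any other entries that an analyst should review by hand.
    """
    findings = {"folder": None, "files": [], "extra": []}
    windows = _child_ci(root, "Windows")  # assumed default install directory
    system32 = _child_ci(windows, "System32") if windows else None
    folder = _child_ci(system32, FOLDER) if system32 else None
    if folder is None or not folder.is_dir():
        return findings
    findings["folder"] = str(folder)
    for entry in sorted(folder.iterdir()):
        bucket = "files" if entry.name.lower() in FILES else "extra"
        findings[bucket].append(entry.name)
    return findings


if __name__ == "__main__" and len(sys.argv) == 2:
    result = scan_volume(sys.argv[1])  # argument: mount point of the volume
    if result["folder"]:
        print("Suspicious folder:", result["folder"])
        print("Named artifacts:", result["files"], "other:", result["extra"])
    else:
        print("wsnpoem folder not found under System32")
```

A clean result only covers the file artifacts; the autostart registry entry and the injected processes mentioned above need separate checks.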

"ZBot and its family have an increased damage potential, as they are able to deactivate the firewall, steal sensitive financial data (such as credit card and account numbers, as well as login details), make screen shots and create logs of current working sessions. In addition, it is capable of downloading supplemental components and providing a remote e-criminal with the means to access the compromised system. Hence, we strongly recommend you not to open these e-mails and their attachments and to install and activate a reliable antimalware, firewall and spam filter solution," said Sorin Dudea, Head of BitDefender Anti-malware Research.

BitDefender is the creator of one of the industry's fastest and most effective lines of internationally certified security software. Since its inception in 2001, BitDefender has continued to raise the bar and set new standards in proactive threat prevention. Every day, BitDefender protects tens of millions of home and corporate users across the globe - giving them the peace of mind of knowing that their digital experiences are secure. BitDefender solutions are distributed by a global network of value added distribution and reseller partners in more than 100 countries worldwide.
   © 2012 ProSecurityZone.com