– Zeus Being Spammed Out As An Anti-virus Update
Urgency is one of the psychological drivers used by criminals in social engineering. If something is urgent, the target is likely to respond quickly without fully considering the implications; so spam usually contains exhortations to ‘act quickly’, or ‘do this now’ for the user to avoid disappointment or penalty.
There seems an inevitability that the urgency of patching should be married to the urgency in social engineering – and this, according to Kaspersky Lab, has now happened. Last week Kaspersky Lab identified a mass mailing of phishing letters sent in the name of leading IT security providers. There are several variants of the emails, but the same basic template: a major anti-virus firm is providing an important update necessary to protect the user from “new malware circulating over the net.” and “To complete this action please double click on the system patch KB923029 in the attachment. The installation will run in the silent mode.”
Native English speakers might pause slightly over the superfluous definite article in that last sentence; but others would probably not notice. Instead, the danger is that they might be so concerned to protect their computers that they proceed with the urged haste and double click the attachment that hides a malicious program detected by Kaspersky Lab’s as Trojan-Spy.Win32.Zbot.qsjm.” In other words, the criminals are relying on users’ desire to be secure to get round their security and infect their computers with perhaps the most infamous of all old malware: Zeus
This trojan is designed to steal confidential user information, preferably banking and financial data. Using this malware, cybercriminals can modify the contents of banking sites by planting malicious scripts in them to steal authentication data such as login credentials and security codes. To these endsTrojan-Spy.Win32.Zbot.qsjm can also take screenshots and even capture video, intercept keyboard input, etc. In addition, this Trojan uses a P2P protocol to receive this data from other infected computers. So we recommend don’t opening any file attached to an email unless you are expecting it and know who the sender is.
Fonte – Kaspersky Lab