Emails Western Union Service contains Bredolab

After relatively low virus detection for more than a week, MX Lab started to intercept a new virus outbreak of Bredolab in emails regarding a Western Union money transfer. The malware is named Bredolab.gen.a (McAfee), TrojanDownloader:Win32/Bredolab.X (Microsoft), Mal/Krap-B (Sophos) or Trojan.Bredolab!gen3 (Symantec).
The spoofed from address is in the form of Manager Ginger Patrick <customer@westernunion.com> where [...]

Emails regarding updating your mailbox leads to the malware flashinstaller.exe

MX Lab intercepts emails with an embedded URL that leads to a web site where you see the notice “You don’t have the latest version of Macromedia Flash Player.” and can download the file flashinstaller.exe. The file itself is malware and is detected as Win32:Zbot-MGA (Avast), W32/Bifrost.C.gen!Eldorado (F-Prot), PWS-Zbot.gen.v (McAfee) or PWS:Win32/Zbot.gen!R [...]

Twitter accounts abused by spammers

MX Lab detected a spam campaign where Twitter is being abused by spammers to promote online drug stores.
The campaign is sent from random spoofed email addresses and uses similar subjects such as:
7U1 An amazing selection of brand name medications, all for incredibly low prices!
2F9 Looking for Hytrin? 7N8
6W3 Looking for Abilify?
5Z2 Looking for Fosamax?
4G5 Do you [...]

New Sasfis trojan in the wild

Between October 27 and November 09th, 2009, MX Lab noticed a large number of viruses. Bredolab, distributed by the Cutwail botnet, was responsible for the majority of viruses during this period. After a few days of low virus detection we see new peaks again with different virus campaigns.
The messages contain the trojan Win32:Trojan-gen (Avast), Trojan.Sasfis.C (BitDefender), [...]

MySpace subject to phishing campaign

Social networks are often subject to phishing and today MySpace is the target. MX Lab intercepted some messages from MySpace <message-*********@message.myspace.com> – where * stands for a random letter and number combination. The from address is obviously spoofed.
The body of the email:
Dear MySpace user!
Please be informed that you are required to update your MySpace account.
Please update [...]

DHL Tracking Number 3YMH6JJY contains trojan

MX Lab intercepted a large number of emails with the subject “DHL Tracking Number 3YMH6JJY” containing the trojan TrojanDownloader:Win32/Cutwail.gen!C (Microsoft), Trojan.Kobka.E (GData), SHeur2.BQSN (AVG) or Troj/Agent-LQA (Sophos).
The contents of the email:
Dear customer!
The courier company was not able to deliver your parcel by your address.
You may pickup the parcel at our post office personaly.
The shipping label is [...]

PayPal phishing in attachments

Yesterday MX Lab reported on a phishing email that has no URL but instead an attached HTML document with a web form included. Since then we have seen more similar cases, and PayPal is also subject to this technique. The sender's address shows us “www.paypal.com” <service@paypal.com> but this is spoofed. The email was sent from 69.128.90.226, an [...]

Phish of Banca Agricola Popolare di Ragusa has no URL but is in an attachment

In almost every phishing email there is a URL leading to the phishing site where you are asked for a login, password and other personal information. With the latest phish targeting Banca Agricola Popolare di Ragusa, the URL is not inside the email; instead there is an attachment in HTML format. The goal of this trick [...]

Facebook updated account agreement email contains Sasfis trojan

Apparently, the virus campaigns are far from over. MX Lab reported on this blog about the latest virus campaign, which would be an attempt to grow the Cutwail botnet by infecting new computer systems with new trojan variants launched every few days.
MX Lab now intercepts a new Facebook virus campaign from the spoofed address <automailer+gtevzolc@facebook.com> or [...]

Bredolab surges to new heights thanks to Cutwail botnet

Several sources reported a surge of the Bredolab trojan in the middle of October, but MX Lab noticed a real increase on October 27th.
The following graph shows the virus detection from October 7th until November 5th (from right to left) with small peaks at the beginning of October while at the end the virus [...]