December 6, 2011 2 Comments
MX Lab, http://www.mxlab.eu, started to intercept a new trojan distribution campaign by email with subjects similar to:
Adobe Software Critical Upgrade Notification ID: M29MGJW7CN3
Adobe Systems Software Critical Upgrade Notification ID: 6974438831048
Adobe Acrobat: Upgrade Needed, Tue, 6 Dec 2011 15:08:48 +0100
The email is send from the spoofed address “Adobe Update Notification <firstname.lastname@example.org>” and has the following body:
Adobe is pleased to announce new version upgrades for Adobe Acrobat Reader and Adobe X Suite
Advanced features include:
- Collaborate across borders
- Create rich, polished PDF files from any application that prints
- Ensure visual fidelity
- Encrypt and share PDF files more securely
- Use the standard for document archival and exchange
To upgrade and enhance your work productivity today please open attached file.
Copyright 2011 Adobe Systems Incorporated. All rights reserved.
Adobe Systems Incorporated,
Tue, 6 Dec 2011 13:21:16 -0300
The attached ZIP file has the name AdobeSystems-Software_Critica Update_Dec_2011-ELA6L7G9D.zip and contains the 200 kB large file Adobe Systems Software Critical Update Dec 2011.exe.
The trojan is known as PWS-Zbot.gen.hb (McAfee), PWS:Win32/Zbot.gen!Y (Microsoft), W32/Zbot.YFP (Norman).
At the time of writing, only 5 of the 43 AV engines did detect the trojan at Virus Total.
Virus Total permalink and MD5: 2cf8db09963b2077e42aeb1d644b160f.