ZBot trojan aims AIM users

MX Lab intercepted a few emails that claim to concern AOL Instant Messenger accounts, but the included URL in fact leads to a web site that hosts malware. The malware is known as Trojan-Spy.Win32.Zbot.gen (Kaspersky), PWS:Win32/Zbot.gen!R (Microsoft) or Trojan.Zbot!gen3 (Symantec).
The email comes from the spoofed address AIM <no_reply_instant_messenger@aol.com> with possible subjects like:
Your AIM account is flagged as inactive
Your AIM account [...]

ZBot variant masked as settings file for MS Outlook

MX Lab was tipped off about a new 0-day email-related virus by Alan Dougherty from the company Synergistix. Thanks for sharing this with us. MX Lab intercepted only one sample of the email, so we had the opportunity to investigate it.
The email comes from suport@****.com where **** stands for the domain that is being used [...]

New ZBot trojan detected in UPS tracking emails

Email messages coming from UPS with the subject “Postal Tracking #FDD4Q22514LDU4N” and the attached file UPS_DOC_986001.zip are part of a new malware distribution by email. MX Lab intercepted the first samples of a new variant that is only detected by 5 of the 40 AV engines of Virus Total.
The body of the email:
Hello!
We were not [...]

New Western Union MTCN trojan

MX Lab intercepted a new ZBot trojan today that is being distributed in the famous “Western Union MTCN” format. The message subject is “Western Union Transfer MTCN: 5815328212”. The attached file is a compressed zip archive WesternUnion_SPL90710021.zip containing the malware WesternUnion_SPL90710021.exe. Please note that the numbers in the subject line and/or attachment and executable can [...]

New version of the Zbot-I trojan

A message with the subject line “Fwd: Look and tell…” that was intercepted by the zero hour anti virus at MX Lab caught our attention. When we submitted the details to Virus Total, only 14 of the 40 AV engines detected it. The email has a ZIP file named Info04.zip attached and when [...]

WorldPay emails contain attached malware

Pay extra attention when receiving messages with the subject “WorldPay CARD transaction Confirmation” claiming that your invoice is attached to the email as a ZIP file.
MX Lab intercepted emails with malware attached. The From address doesn’t belong to WorldPay at all and is spoofed randomly. These are the contents of the body:
Thank you!
Your transaction has been processed by [...]

ZBot in “PayPal Rechnung”

A new ZBot variant appears in PayPal “Rechnung” emails. The attached files contain the ZBot malware variant, which at this moment is detected by only 3 of the 36 anti virus engines on Virus Total, at 7 PM local Belgian time. This type of distribution was also detected in late June by MX Lab.
The content of the malware [...]

ZBot trojan attached to flight ticket confirmation

A new variant of the ZBot trojan is attached to a flight ticket confirmation email. Possible subject lines are:
Your order N9708902
Online order for ticket N688610
Online order for airplane ticket N688610
Your ticket from {airlines} N3076437
Your ticket from {airlines}
Your airplane ticket
The contents of the message:
Good day,
Thank you for using our new service “Buy flight ticket Online” on [...]