According to a recent report from the US Computer Emergency Readiness Team (CERT), spammers have exploited the recent H1N1 epidemic with a series of spam emails that trick unsuspecting users into visiting a bogus site that mimics the Center for Disease Control’s (CDC) homepage. Clicking the link downloads a Trojan horse by the name of Zbot, or Zeus. This bot Trojan then hijacks the infected Windows computer and uses it to attack others by sending out more spam.

Even those who don’t click on the link are subject to infection. According to AppRiver security researcher Troy Gill, the site also includes an IFRAME element that exploits known vulnerabilities in Adobe software. This hidden element contains the attack code that can exploit Adobe Reader and Flash Player vulnerabilities to infect the target computer.

The reach of the outbreak

When computers began flooding email inboxes with the spam on December 2nd, the messages were being sent at an average of 18,000 per minute. This comes to a little over 1 million messages sent over a one-hour period. Since then it has slowed to about 9,500 messages per minute, but it remains the predominant campaign being run right now.

Protecting yourself

It was only a matter of time before someone capitalized on the recent scare surrounding H1N1 and the lack of vaccinations available. To protect your computer, avoid any email whose subject line reads “State Vaccination H1N1 Program,” “Government registration program on the H1N1 vaccination,” or “Create your Personal Vaccination Profile.” These subject lines are certain to change over time, so just remember that the CDC does not require registration for the H1N1 vaccine, nor will registration with the CDC help you receive the vaccine any quicker. Note: for more information on the H1N1 flu virus and the vaccinations provided by the CDC, go here.

Zbot profile

Also called Zeus by some security vendors, the Zbot Trojan compromises computers running the Windows operating system and joins them to the Zbot botnet. At over 3.5 million computers, it is currently the number one botnet for malicious activity. Crafted from a toolkit designed to create malware, Zbot is the same malware that was used by a British couple accused of stealing banking information and passwords.

If you suspect your computer has been infected, Zbot can be removed by most anti-malware programs with updated definitions and/or signature files. For more information about malware removal, go here.


Source:
H1N1 Infects with More Than a Virus