U.S. and international authorities may have just made a serious dent in the manpower behind the Zeus botnet, but dozens of arrests aren't stopping the data-stealing trojan from spreading.
The latest Zeus spam campaign targeted iTunes users and attempted to trick them into installing the insidious malware, designed to hijack online banking credentials from its victims, security firms warned this week.
The messages, which appeared to have been sent from Apple's iTunes Store with the address donotreply@itunes[dot]com, arrived with the subject "Your receipt #" followed by a random number, Fred Touchette, senior security analyst at email protection vendor AppRiver, wrote in a blog post Tuesday. The fake receipts claimed the recipient's iTunes order cost hundreds of dollars.
“People buying music from iTunes are getting used to seeing these receipts in their inboxes,” Touchette told SCMagazineUS.com on Tuesday. “If [attackers] can get them nervous about the amount of the receipt, they can get them to click on a link.”
Links in the bogus receipt led to one of approximately 100 domains ending in .info, all of which were registered with GoDaddy. Once clicked, the links redirected users to another site where the Zeus trojan was waiting to infect victims.
The final site that users landed on attempted to automatically download a file claiming to be Adobe Flash Player, but it actually was the malicious payload, Touchette said.
The messages began cropping up on Friday, not long after a separate spam run spoofing the social networking site LinkedIn aimed to foist Zeus on victim PCs. The iTunes campaign is no longer active, and all the domains that attackers were using have been blacklisted, Touchette said.
In the past, attackers have used fake iTunes receipts to lure users to websites selling pharmaceuticals, as well as to phishing sites that use fake login pages to dupe users into handing over account credentials, researchers at Mac security firm Intego wrote in a blog post Tuesday.
U.S. and foreign authorities last week announced a series of arrests disrupting an international cybercrime operation linked to Zeus.
The latest attacks indicate that, in spite of last week's arrests, the cyber gangs that use Zeus have not been fazed and do not plan on stopping, Touchette said.
“Zeus hasn't shown any signs of letting up,” he said. “Zeus has been so readily available on the underground forums as a kit that many people have their hands on it. It's going to be difficult to put a dent on its output.”
Tuesday, October 5, 2010
Something many business owners do not realize is that commercial accounts have had hundreds of thousands, and sometimes millions of dollars stolen from their commercial bank accounts, only to learn that their banks don't take responsibility for safeguarding their funds from these attacks. Clicking on:
http://www.yourmoneyisnotsafeinthebank.org/Banking_CyberProtection_Demand_Letter.doc
will download a letter you can print out and take to your financial services institution to learn if your small- and medium-sized enterprise is vulnerable to losing money to cyber-criminals like the ones mentioned in this article.
Very cool, thanks!