[nsp-sec] Zbot | Zeus activity on 10-14-2009

Scott A. McIntyre scott at xs4all.net
Thu Oct 15 09:47:00 EDT 2009


On Oct 15, 2009, at 14:27 , Shelton, Steve wrote:

> ----------- nsp-security Confidential --------
>
> Morning!
>
> Did anyone receive any direct love yesterday from the Zbot-Zeus crew?
> We had a few waves of targeted exploit attempts guised as a Phishing
> attempt and wondering if anyone else saw the same or if it was just me
> stepping on somebody's toes!

Yep, we started seeing this a few days ago, actually.  On the 12th.   
It's also been floating around/towards some pretty big multinational  
pharmaceutical companies (I got a copy of one of their internal  
warnings about "Spam" -- missing the point of the malware/mail  
entirely..heh).

The samples we've tested with Virustotal have a miserable detection  
rate, somewhere around 3 of the 40 packages detecting...

I'm guessing it's automated.  Re-writes the URL for the domain it's
sent to, they're obviously using wildcards for the DNS (I tested this
to verify) and the email address in the URL might be used for
targeting the attack more sharply, or address verification, or
something else entirely.

So, you're not alone!

Scott A. McIntyre
XS4ALL Internet B.V.
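
The lure traits described in the message above (a URL rewritten for the recipient's domain, served through wildcard DNS, with the recipient's address embedded in it) expressed as a mail-filter heuristic. This is an added example, not part of the original post; the exact URL layout, the function names and the sample message are assumptions constructed for illustration.

```python
import re
from urllib.parse import urlsplit, unquote

URL_RE = re.compile(r"https?://[^\s<>\"']+", re.IGNORECASE)

# Constructed sample (not taken from the thread): one lure-shaped URL, one benign URL.
SAMPLE_RCPT = "alice@example.com"
SAMPLE_BODY = (
    "Please update your mailbox settings:\n"
    "http://example.com.lure.invalid/settings?email=alice@example.com\n"
    "Help: http://www.example.com/support\n"
)

def score_url(url, recipient):
    """Return the lure traits (assumed layout) that url shows for this recipient."""
    rcpt = recipient.strip().lower()
    rcpt_domain = rcpt.rpartition("@")[2]
    parts = urlsplit(url)
    host = (parts.hostname or "").lower().rstrip(".")
    traits = []
    # Trait 1: the recipient's own domain appears as the left-hand labels of a
    # different host (example.com.<other zone>), which a wildcard record in
    # that zone would resolve for any recipient domain.
    if rcpt_domain and host.startswith(rcpt_domain + "."):
        traits.append("recipient-domain-as-subdomain")
    # Trait 2: the recipient's full address is carried in the path or query.
    tail = unquote(parts.path + "?" + parts.query).lower()
    if rcpt and rcpt in tail:
        traits.append("recipient-address-in-url")
    return traits

def flag_message(body, recipient):
    """Map each URL in body that shows at least one trait to its trait list."""
    hits = {}
    for url in URL_RE.findall(body):
        url = url.rstrip(".,);")  # drop trailing sentence punctuation
        traits = score_url(url, recipient)
        if traits:
            hits[url] = traits
    return hits

if __name__ == "__main__":
    for url, traits in flag_message(SAMPLE_BODY, SAMPLE_RCPT).items():
        print(url, traits)
```

Either trait alone is weak evidence (a legitimate unsubscribe link often carries the address); both together on a host outside the recipient's own domain is the combination worth quarantining or logging.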




