[nsp-sec] Zbot | Zeus activity on 10-14-2009

Krista Hickey Krista.Hickey at cogeco.com
Thu Oct 15 11:08:33 EDT 2009


On Oct 15, 2009, Scott A. McIntyre wrote:
> 
> On Oct 15, 2009, at 14:27 , Shelton, Steve wrote:
> 
> > ----------- nsp-security Confidential --------
> >
> > Morning!
> >
> > Did anyone receive any direct love yesterday from the Zbot-Zeus crew?
> > We had a few waves of targeted exploit attempts guised as a Phishing
> > attempt and wondering if anyone else saw the same or if it was just me
> > stepping on somebody's toes!
> 
> Yep, we started seeing this a few days ago, actually.  On the 12th.
> It's also been floating around/towards some pretty big multinational
> pharmaceutical companies (I got a copy of one of their internal
> warnings about "Spam" -- missing the point of the malware/mail
> entirely..heh).
> 
> The samples we've tested with Virustotal have a miserable detection
> rate, somewhere around 3 of the 40 packages detecting...
> 
> I'm guessing it's automated.  Re-writes the url for the domain it's
> sent to, they're obviously using wildcards for the DNS (I tested this
> to verify) and the email address in the URL might be used for
> targeting the attack more sharply, or, address verification or
> something else entirely.
> 
> So, you're not alone!
> 
> Scott A. McIntyre
> XS4ALL Internet B.V.

Ditto for Cogeco, yesterday we saw both our corporate users and our
customers targeted.

Krista
7992 
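
A mail-side check for the pattern described in the quoted text above (URLs rewritten per recipient domain, with the recipient's address in the URL), added here as an example and not part of the original thread. It assumes the rewritten URL carries the recipient's domain as labels of a hostname under an unrelated domain; that reading, the indicator names and the sample message are constructed for illustration.

```python
import re
from urllib.parse import urlsplit, unquote

URL_RE = re.compile(r"https?://[^\s<>\"']+", re.IGNORECASE)

def lure_indicators(recipient, url):
    """Return indicators tying `url` to the mailbox it was delivered to."""
    _, _, domain = recipient.lower().partition("@")
    parts = urlsplit(url)
    host = (parts.hostname or "").lower().rstrip(".")
    if not domain or not host:
        return set()
    # Links to the recipient's own domain (or a real subdomain) are not lures.
    if host == domain or host.endswith("." + domain):
        return set()
    hits = set()
    # Assumption: the recipient's domain shows up as labels of a hostname
    # under another domain (the thread reports wildcard DNS being used).
    if host.startswith(domain + ".") or ("." + domain + ".") in host:
        hits.add("recipient-domain-in-host")
    # Recipient's address carried in path, query or fragment (percent-decoded).
    tail = unquote(parts.path + "?" + parts.query + "#" + parts.fragment)
    if recipient.lower() in tail.lower():
        hits.add("recipient-address-in-url")
    return hits

def scan_message(recipient, body):
    """Return [(url, sorted indicators)] for every flagged URL in `body`."""
    flagged = []
    for match in URL_RE.finditer(body):
        url = match.group(0).rstrip(".,;)>")  # drop trailing punctuation
        hits = lure_indicators(recipient, url)
        if hits:
            flagged.append((url, sorted(hits)))
    return flagged

# Constructed sample message (reserved example domains, not from the thread).
SAMPLE_RECIPIENT = "alice@example.org"
SAMPLE_BODY = """Dear user, a mailbox settings update is required:
http://example.org.updates.example.net/update/index.php?id=8841&email=alice%40example.org
Helpdesk page: https://intranet.example.org/help?user=alice@example.org
Vendor notice: https://www.example.com/news.
"""

if __name__ == "__main__":
    for url, hits in scan_message(SAMPLE_RECIPIENT, SAMPLE_BODY):
        print(", ".join(hits), "->", url)
```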


