[nsp-sec] Zbot | Zeus activity on 10-14-2009

Dave Mitchell davem at yahoo-inc.com
Thu Oct 15 14:03:18 EDT 2009


Us, too. We've seen a lot spoofed from "System Administrator" or other
tech-looking entities within our company. The original malware we saw
via URL was also poorly detected by AV.

-dave

On Thu, Oct 15, 2009 at 11:08:33AM -0400, Krista Hickey wrote:
> ----------- nsp-security Confidential --------
> 
> On Oct 15, 2009, Scott A. McIntyre wrote:
> > 
> > On Oct 15, 2009, at 14:27 , Shelton, Steve wrote:
> > 
> > > Morning!
> > >
> > > Did anyone receive any direct love yesterday from the Zbot-Zeus
> > > crew? We had a few waves of targeted exploit attempts guised as a
> > > Phishing attempt and wondering if anyone else saw the same or if it
> > > was just me stepping on somebody's toes!
> > 
> > Yep, we started seeing this a few days ago, actually.  On the 12th.
> > It's also been floating around/towards some pretty big multinational
> > pharmaceutical companies (I got a copy of one of their internal
> > warnings about "Spam" -- missing the point of the malware/mail
> > entirely..heh).
> > 
> > The samples we've tested with Virustotal have a miserable detection
> > rate, somewhere around 3 of the 40 packages detecting...
> > 
> > I'm guessing it's automated.  Re-writes the url for the domain it's
> > sent to, they're obviously using wildcards for the DNS (I tested this
> > to verify) and the email address in the URL might be used for
> > targeting the attack more sharply, or, address verification or
> > something else entirely.
> > 
> > So, you're not alone!
> > 
> > Scott A. McIntyre
> > XS4ALL Internet B.V.
> 
> Ditto for Cogeco, yesterday we saw both our corporate users and our
> customers targeted.
> 
> Krista
> 7992 
> 
> 