Propagation of malware through spam impersonating System/Mail Administrator
http://www.cert-in.org.in/currentacts/currentact.htm#SMIIW
Date: October 16, 2009
It has been observed that a new wave of spam e-mails, purportedly arriving
from the organisation's System/Mail Administrator or tech-support team, is
circulating widely.
These " highly personalized " spam mails alert users to update/upgrade
system software due to a recent server upgrade and includes an URL or ZIP
attachment. It urges the users to click the URL or open attached ZIP file,
and execute for updation. Some of the attached/downloaded malware are
detected as ZBot /Cutwail variants.
This e-mail message spoofs the sender address so that the sender looks
like "tech-admin/support@organisation-domain-name", and the links have the
format
http:||updates.organisation-domain.secure.some-domain
mail|id=<10digitID>-legitimateemail@organisation-domain.com
- - -patch407574.exe
To make it more convincing, the victim's domain name is used as the
sub-domain and repeated throughout the message body along with the victim's
e-mail address.
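As an added example (not part of the CERT-In advisory), the following Python heuristic flags links built the way described above: the organisation's own domain appearing as a sub-label of a foreign host, a recipient address embedded in the URL, and a link ending in a patch*.exe file. The example.com and some-domain.test values and the sample links are constructed.

```python
"""Gateway-side heuristic for the 'your-domain-as-subdomain' update lure.

Added example, not CERT-In code. Sample links are constructed; the org
domain and the foreign domain are placeholders.
"""
import re
from urllib.parse import urlparse

# Constructed sample links, modelled on the pattern in the advisory.
SAMPLE_LINKS = [
    "http://updates.example.com.secure.some-domain.test/mail/"
    "id=1234567890-alice@example.com--patch407574.exe",
    "http://intranet.example.com/it/policy.html",
    "https://www.vendor-updates.test/kb/123",
]


def registrable_domain(host: str) -> str:
    # Simplistic: last two labels. Production code should use the Public Suffix List.
    labels = host.lower().rstrip(".").split(".")
    return ".".join(labels[-2:]) if len(labels) >= 2 else host.lower()


def classify_link(url: str, org_domain: str) -> list:
    """Return the reasons a link matches the lure pattern (empty list = clean)."""
    reasons = []
    parsed = urlparse(url)
    host = (parsed.hostname or "").lower()
    org = org_domain.lower()
    # Our own domain appears inside the host, but the host is not actually ours.
    if host != org and not host.endswith("." + org) and ("." + org + ".") in ("." + host + "."):
        reasons.append("org domain embedded as sub-label of foreign host")
    # Link resolves to an executable named like a patch.
    if re.search(r"patch\d*\.exe$", parsed.path.lower()):
        reasons.append("link to executable 'patch' file")
    # A recipient address from our domain is carried in a link to a foreign site.
    if "@" + org in url.lower() and registrable_domain(host) != org:
        reasons.append("recipient address embedded in URL")
    return reasons


def scan_links(urls: list, org_domain: str) -> dict:
    """Map each suspicious URL to its reasons; clean URLs are omitted."""
    return {u: r for u in urls if (r := classify_link(u, org_domain))}


if __name__ == "__main__":
    for url, reasons in scan_links(SAMPLE_LINKS, "example.com").items():
        print(url, "->", "; ".join(reasons))
```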
Please check the following URL for screenshots of the malicious spam:
http://www.cert-in.org.in/currentacts/currentact.htm#SMIIW
Users are advised to implement the following countermeasures:
• Block e-mails with the above-mentioned subject lines at the mail gateway.
• Exercise caution while clicking on any link embedded in an e-mail
message, instant message or web page.
• Install and maintain updated anti-virus software at the mail gateway and
desktop level.
• Install and maintain updated anti-spyware software at the desktop level.
• Keep up to date with patches and fixes for the OS and application
software.
Note: Please do not reply to this e-mail. For further queries, contact the
CERT-In Information Desk. Email: info@cert-in.org.in