Peaches
Posted August 3, 2010

Zbot Pushers Abuse ImageShack Email Template
Compromised websites used to distribute the trojan

It seems that attackers copied the real ImageShack account registration confirmation email template and have replaced all legit links inside with ones leading to malicious pages.

Users who receive this spam will be able to notice that the same URL, unrelated to the imageshack.us domain, is listed as registration confirmation link, password change link, password recovery link, homepage link as well as common questions link. Visiting this URL takes users to a page employing a common Flash Player update social engineering trick.

What is interesting about this scam is that the Flash Player update warning is actually displayed as a GIF image loaded from the legit thecoca-colacompany.com website. It's only the link attached to it that has been changed to prompt the download of a malicious executable called adobe_flash_install.exe.

"Installing the file would land the unsuspecting victim with a Zbot infection. […] We detect this file as Trojan.Win32.Generic!BT. While coverage is good for that particular file across most AV products, there's a good chance we'll see updated 'Imageshack' mails going out with fresh links, files and exploits so please: if you don't remember signing up to something, don't let curiosity get the better of you and simply delete the email," Christopher Boyd, a security researcher at Sunbelt, advises.

More details here: http://news.softpedi...te-149075.shtml
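Added example, not part of the original post or the quoted article: a mail-filter style check for the two tells described above, namely links that leave the claimed sender's domain and several differently labelled links that all point at one URL. The function names, the `.example` host and the sample URL paths are assumptions made for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urlsplit

class LinkCollector(HTMLParser):
    """Collect (href, visible text) for every <a> in an HTML mail body."""
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href"), []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip().lower()))
            self._href = None

def host_in_domain(url, domain):
    """True only if the URL's host is the domain itself or a subdomain of it."""
    host = (urlsplit(url).hostname or "").lower()
    return host == domain or host.endswith("." + domain)

def check_email(html_body, brand_domain):
    parser = LinkCollector()
    parser.feed(html_body)
    hrefs = [h for h, _ in parser.links]
    labels = {t for _, t in parser.links}
    return {
        "links": len(hrefs),
        # Links that leave the domain the mail claims to come from.
        "off_brand": sum(not host_in_domain(h, brand_domain) for h in hrefs),
        # Several differently labelled links that all resolve to one URL.
        "single_target": len(labels) > 1 and len(set(hrefs)) == 1,
    }

# Constructed samples; hosts under .example and the URL paths are placeholders.
BAD = "http://compromised-site.example/update/"
SPAM = "".join(f'<a href="{BAD}">{t}</a> ' for t in (
    "Confirm registration", "Change password", "Recover password",
    "Homepage", "Common questions"))
LEGIT = ('<a href="http://imageshack.us/confirm">Confirm registration</a> '
         '<a href="http://www.imageshack.us/faq">Common questions</a>')

if __name__ == "__main__":
    print(check_email(SPAM, "imageshack.us"))
    print(check_email(LEGIT, "imageshack.us"))
```

The suffix check compares whole host labels, so a lookalike host that merely begins with the brand name is still counted as off-brand.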