Alert From the Websense Security Labs
September 2010 by Websense
Websense® Security Labs™ ThreatSeeker™ Network has detected another wave of Zeus malicious email messages. This campaign is related to the familiar "pharma" spam with one exception: this campaign combines an HTML or ZIP attachment with a social engineering technique.
Carl Leonard, Senior Manager, Websense Security Labs: “This is a great example of a blended threat that covers all attack angles – web, email and file based, which steals your data to boot. In this campaign, a mail recipient may get a message to say $375 has been sent to their account, and include a link to view the transaction. Opening the attachment results in a compromised user machine via an obfuscated JavaScript in the attached HTML file. For email messages that have ZIP attachments, the "label.zip" file contains "label.exe" which is a copy of Zeus – a banking Trojan. The malware copies itself to the C drive and tries to access two sites. So far, we have seen more than 100,000 email messages like this, and counting.”
Anti-Virus detection is presently still low (VirusTotal - 5/43). Websense customers are protected by the real-time protection in the Advanced Classification Engine, ACE.
The full blog post is available at: http://community.websense.com/blogs/securitylabs/archive/2010/09/15/cash-quot-labels-and-such-quot-leads-to-zeus.aspx