
BitDefender® Uncovers FedEx® Spyware

Date: 08/27/2008

Extremely dangerous piece of malware, Trojan.Spy.ZBot, specially engineered to steal sensitive e-banking data.

BitDefender® researchers have identified a new large spam wave featuring abusive use of the delivery company’s name to deceive users into downloading extremely dangerous malware.

[Image: E-mail spam from FedEx® with Trojan.Spy.ZBot attached]

The spam e-mail informs customers that FedEx® was unable to deliver a package sent one month ago. The message asks the recipient to download and print the attached invoice in order to retrieve the package. The attached archive, however, does not hold any invoice, but an extremely dangerous piece of malware known as Trojan.Spy.ZBot, or one of its many variants, such as Trojan.Spy.Wsnpoem.HA.

This malware was specially engineered to steal sensitive e-banking data. Once it penetrates a system, it installs into the Windows\System32 directory, where it creates the rootkit-hidden wsnpoem folder and populates it with the encrypted files ntos.exe, audio.dll and video.dll (the two so-called “DLLs” are not real libraries; they are used for configuration and data storage). It also creates a registry entry that launches it automatically each time Windows® starts up. To harvest the sensitive e-banking details, it injects code into the winlogon.exe and iexplorer.exe processes and downloads one or several files from a remote server; it uses these files to store the data it gathers by monitoring Web browser activity.
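As an added illustration (not BitDefender's code), the following script turns the artifacts named above into a host triage check: it flags a wsnpoem folder under System32 containing ntos.exe, audio.dll or video.dll, and any autostart registry value that references ntos.exe or that folder. The write-up does not say which registry key the malware uses, so the live collector (Windows only) reads the common autostart locations (the HKLM/HKCU Run keys and the Winlogon key); that choice, the sample snapshots and all class and function names are assumptions of this example.

```python
"""Indicator check for the Trojan.Spy.ZBot artifacts described above.

Added illustration, not BitDefender's code. It covers only the file and
autostart artifacts the write-up names. Code injection into winlogon.exe
and iexplorer.exe is not checked here because that needs memory inspection.
"""
import os
import sys
from dataclasses import dataclass, field
from typing import Dict, List

ZBOT_DIR = "wsnpoem"
ZBOT_FILES = {"ntos.exe", "audio.dll", "video.dll"}
ZBOT_MARKERS = ("ntos.exe", ZBOT_DIR)  # substrings that make an autostart value suspect


@dataclass
class HostSnapshot:
    """What we inspect: System32 sub-folders (name -> files) and autostart values."""
    system32_dirs: Dict[str, List[str]] = field(default_factory=dict)
    autostart_values: Dict[str, str] = field(default_factory=dict)


def assess_indicators(snap: HostSnapshot) -> List[str]:
    """Return human-readable findings; an empty list means no indicator matched."""
    findings = []
    dirs = {name.lower(): files for name, files in snap.system32_dirs.items()}
    if ZBOT_DIR in dirs:
        findings.append(f"System32\\{ZBOT_DIR} folder present")
        present = {f.lower() for f in dirs[ZBOT_DIR]} & ZBOT_FILES
        if present:
            findings.append("known ZBot files inside it: " + ", ".join(sorted(present)))
    for location, value in sorted(snap.autostart_values.items()):
        if any(marker in value.lower() for marker in ZBOT_MARKERS):
            findings.append(f"autostart value {location} references {value}")
    return findings


def collect_live_snapshot() -> HostSnapshot:
    """Windows-only collector. The folder is rootkit-hidden on an infected host,
    so a listing taken from the running OS may miss it; prefer running this
    against an offline image or from clean boot media."""
    if sys.platform != "win32":
        raise RuntimeError("live collection requires Windows")
    import winreg  # only importable on Windows

    snap = HostSnapshot()
    system32 = os.path.join(os.environ.get("SystemRoot", r"C:\Windows"), "System32")
    zbot_dir = os.path.join(system32, ZBOT_DIR)
    if os.path.isdir(zbot_dir):
        snap.system32_dirs[ZBOT_DIR] = os.listdir(zbot_dir)

    locations = [  # assumed autostart locations; the write-up does not name the key
        (winreg.HKEY_LOCAL_MACHINE, r"SOFTWARE\Microsoft\Windows\CurrentVersion\Run"),
        (winreg.HKEY_CURRENT_USER, r"SOFTWARE\Microsoft\Windows\CurrentVersion\Run"),
        (winreg.HKEY_LOCAL_MACHINE, r"SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon"),
    ]
    for hive, path in locations:
        try:
            key = winreg.OpenKey(hive, path)
        except OSError:
            continue
        with key:
            index = 0
            while True:
                try:
                    name, data, _ = winreg.EnumValue(key, index)
                except OSError:  # no more values under this key
                    break
                snap.autostart_values[f"{path}\\{name}"] = str(data)
                index += 1
    return snap


# Constructed sample snapshots (not captured from a real host).
INFECTED_SAMPLE = HostSnapshot(
    system32_dirs={"wsnpoem": ["ntos.exe", "audio.dll", "video.dll"], "drivers": ["etc"]},
    autostart_values={
        r"SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit":
            r"C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\ntos.exe",
    },
)
CLEAN_SAMPLE = HostSnapshot(
    system32_dirs={"drivers": ["etc"]},
    autostart_values={
        r"SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Updater":
            r"C:\Program Files\Example\updater.exe",
    },
)

if __name__ == "__main__":
    snap = collect_live_snapshot() if sys.platform == "win32" else INFECTED_SAMPLE
    for line in assess_indicators(snap) or ["no ZBot indicators found"]:
        print(line)
```

On a non-Windows machine the script evaluates the constructed infected sample and reports three findings; on Windows it inspects the live host. Because the malware hides its folder with a rootkit, a clean result from the running system is weaker evidence than one taken from an offline disk image.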

“ZBot and its family have an increased damage potential, as they are able to deactivate the firewall, steal sensitive financial data such as credit card and account numbers, as well as login details, make screen shots and create logs of current working sessions,” said Sorin Dudea, Head of BitDefender Antimalware Research. “In addition, it is capable of downloading supplemental components and providing a remote e-criminal with the means to access the compromised system. Hence, we strongly recommend that you not open these e-mails and their attachments and that you install and activate a reliable antimalware, firewall and spam filter solution.”
