The Trojan Matryoshka: April's Malicious Spam
LONDON, May 29, 2014
LONDON, May 29, 2014 /PRNewswire/ --
Malicious attachments in April came disguised as e-greetings and notifications
about faxes. In the case of the former, alleged Easter greetings turned out to
be the Fareit.aonw Trojan with fairly limited functionality: it didn't try to
steal any passwords, but did download and launch a far more dangerous Zbot
Trojan-Spy designed to attack servers and steal personal data. The second case
involved fake messages from a popular online fax service. The messages
contained a small Trojan downloader that installed the same spy program from
the notorious Zeus/Zbot family.
Kaspersky Lab detected several large malicious attacks in April disguised as
faxes sent by the popular online fax service eFax, which allows users to send
and receive faxes as email attachments. The fake messages usually included a
notification about an incoming fax, and to be more persuasive, it would
indicate the number of pages in the fax. However, the zip file actually
contained malware, specifically Trojan-Downloader.Win32.Cabby.a - a rather
small Trojan downloader that carries a CAB file in its body with the document
or graphic that is displayed to the recipient after launching. While the
victim is busy viewing the attachment, Cabby stealthily downloads another
threat. In the cases we observed, the secondary malicious program was from the
same widespread ZeuS/Zbot family (Trojan-Spy.Win32.Zbot.shqe).
The category of organisations most frequently targeted by phishers in April
was 'Email and search engine sites', accounting for 31.9 per cent of attacks.
'Social networks' were in second place with 23.8 per cent (a drop of 0.2
percentage points). 'Financial and payment organisations' came third with 13
per cent (0.2 percentage points less than March).
The target of the month was a large Chinese telecommunications company called
Tencent that, among other things, offers tech support for the QQ instant
messaging client. Scammers tried to get client logins and passwords using some
familiar tricks such as telling users to follow a link to restore access to
their account. The link actually led to a phishing site. The notification was
sent as an image, which helped it bypass spam filters and made the email look
"Last month, we saw a new wave of so-called pump and dump spam. The scammers
behind these mailings advertised offers to buy stock in a certain company at
super low prices, which were allegedly meant to increase considerably in the
near future. As a result, the demand for the stock in the company rose, the
prices became artificially inflated - and the scammers would then sell off
their stock in said company. The stock prices would then begin to fall, and
the bamboozled investors were left with depreciated shares and lost their
investments. As a rule, scammers tend to choose little known companies for
these schemes, where the stock is traded on a secondary market. In April, they
used Rich Pharmaceuticals, a US company," commented Tatyana Shcherbakova ,
Senior Spam Analyst at Kaspersky Lab.
The percentage of spam in global email traffic in April averaged 71.1 per cent
- an increase of 7.6 percentage points compared to the previous month.
More information about spam in April can be found at securelist.com .
About Kaspersky Lab
Kaspersky Lab is the world ' s largest privately held vendor of endpoint
protection solutions. The company is ranked among the world ' s top four
vendors of security solutions for endpoint users*. Throughout its more than
16-year history Kaspersky Lab has remained an innovator in IT security and
provides effective digital security solutions for large enterprises, SMBs and
consumers. Kaspersky Lab, with its holding company registered in the United
Kingdom, currently operates in almost 200 countries and territories across the
globe, providing protection for over 300 million users worldwide. Learn more
at http://www.kaspersky.com .
* The company was rated fourth in the IDC rating Worldwide Endpoint Security
Revenue by Vendor, 2012. The rating was published in the IDC report "Worldwide
Endpoint Security 2013-2017 Forecast and 2012 Vendor Shares (IDC #242618,
August 2013). The report ranked software vendors according to earnings from
sales of endpoint security solutions in 2012.
Follow us on Twitter
Like us on Facebook
Editorial contact: Berkeley PRLauren White email@example.com
Telephone: +44(0)118-909-0909 1650 Arlington Business Park RG7 4SA, Reading
Kaspersky Lab UKRuth Knowles Ruth.Knowles@kasperskylab.co.uk Telephone:
+44(0)7590-440-433 2 Kingdom Street W2 6BD, London
Press spacebar to pause and continue. Press esc to stop.