An old Russian cybercriminal group is back with a new sample of the ZeuS trojan

Oct 17, 2013 09:34 GMT

Bogus Pinterest emails designed to spread a piece of malware inform recipients that one of their Facebook friends has joined Pinterest.

The emails, analyzed by Conrad Longmore of Dynamoo’s Blog, are entitled “Your Facebook friend Andrew Hernandez joined Pinterest” and they read something like this:

“Your Facebook friend Andrew Hernandez just joined Pinterest. Help welcome Carol to the community! Visit Profile.”

The messages don’t make much sense: the friend is named as Andrew Hernandez, yet the recipient is asked to welcome Carol. However, some users might rush to click the “Visit Profile” button. Those who do are taken to a fake browser download page that’s designed to serve a malicious file.

Most worrying is that, at the time Longmore performed his analysis, only Kaspersky products detected the threat as a variant of the notorious ZeuS malware.

Longmore highlights that the domain used to push the malware is hosted on an IP address used by a Russian cybercriminal gang that has been absent for a long time.

Malicious social media notifications can be cleverly designed. However, if you analyze them carefully before clicking on the links they contain, you can surely tell the real ones apart from the fakes.