NEWS CATEGORIES:

NEWS ARCHIVE >>
SOFTPEDIA REVIEWS >>
MEET THE EDITORS >>

Find us on Google+

Home > News > Security

July 30th, 2010, 11:38 GMT · By Lucian Constantin

Social Security Statement Spam Campaign Spreads Malware

Adjust text size:

Zbot pushers impersonate the Social Security Administration

A new aggressive spam campaign is distributing a Zbot variant disguised as a Social Security statement. Security researchers warn that over 600 million emails carrying the infected attachment have been sent out by the Cutwail botnet in the past 24 hours.

The infected emails masquerade as official noficiations from the Social Security Administration. Their subject is “Review your annual Social Security statement” and the From field is spoofed to appear as if they originate from a notification@ssa.gov address.

“Due to possible calculation errors, your annual Social Security statement may contain errors. Open attached file to review your annual Social Security statement,” the rogue messages read. The attachment is an archive file called statement.zip containing a malicious executable file.

In order to disguise it, the cyber crooks have forged the file properties to present it as a “VMware Virtual Disk Manager” and list “VMware Inc.” as publisher. But, in reality, running the .exe installs a variant of the Zbot trojan, which as of earlier today is detected by 17 of the 42 antivirus engines on VirusTotal.

According to MessageLabs, the spam campaign is very aggressive and the infected messages are sent out by the Cutwail/Pushdo spam botnet. “Cutwail botnet email 'Review your annual Social Security statement' started 29-Jul-2010 13:00 GMT, estimate 600 million sent globally so far,” Symantec's hosted email security services arm, warned via Twitter.

However, it should be noted that this is a variation of a similar campaign that has been spotted in November 2009. The lure was identical, but the message instructed recipients to click on a link instead of opening an attachment. The link led users to a page serving a different Zbot installer for download as a file called statement.exe.

The change in delivery method is consistent with the findings of most antivirus companies, which reported that email-borne threats are making a comeback this year. Users are advised to treat email attachments with suspicion and run an up-to-date antivirus program on their computer at all times.

You can follow the editor on Twitter @lconstantin

FILED UNDER:

Social Security statement

TELL US WHAT YOU THINK:

2,565 hits · 2 comments · Link to this article · Print article · Send to friend · Subscribe to news

MUST-READ RELATED ARTICLES:

Malware Distributed as McAfee VirusScan Trial

Zbot Pushers Abuse ImageShack Email Template

Zbot Exploits MasterCard and Visa and Anti-fraud Programs

Fake DHL Emails Distribute New Trojan

Phishers Leverage the Australian Tax Refund Season Again

READER COMMENTS:

Comment #1 by: guy shea on 02 Aug 2010, 03:22 UTC	reply to this comment
Solutions please. I saw your comment about the SSA-linked malware after trying to open the attachment to this mail (statement.exe) and being told that it was and unknown software app and could not be opened. Do I need to worry about this? How can I search for it and remove? Does the free Malware searcher listed on the webpage with this news find this particular zbot??

Comment #2 by: Fred on 05 Aug 2010, 08:33 UTC	reply to this comment
I hope there's a special place in hell reserved for the human scum destroying email and the internet for their own greed.

SUBMIT PROGRAM \| ADVERTISE \| GET HELP \| SEND US FEEDBACK \| RSS FEEDS \| UPDATE YOUR SOFTWARE \| ROMANIAN FORUM
© 2001 - 2012 Softpedia. All rights reserved. Softpedia® and the Softpedia® logo are registered trademarks of SoftNews NET SRL.	Copyright Information \| Privacy Policy \| Terms of Use