New “SSL” Spam trying to spread Malware
Oct 14, 2009 Security Events, Security News
I, and others, have been receiving spam messages that claim to be from the “System Administrator”, advising people to go to a linked URL that tries to spoof the target’s domain somewhat to make it more credible. Mine looked like this (edited slightly for privacy):
Attention!
On October 16, 2009 server upgrade will take place. Due to this the system may be offline for approximately half an hour.
The changes will concern security, reliability and performance of mail service and the system as a whole.
For compatibility of your browsers and mail clients with upgraded server software you should run SSl certificates update procedure.
This procedure is quite simple. All you have to do is just to click the link provided, to save the patch file and then to run it from your computer location. That’s all.
http://updates.<mysite>.com.secure.admin-data.net/ssl/id=731758587-admin@<mysite>.com-patch66701.aspx
Thank you in advance for your attention to this matter and sorry for possible inconveniences.
System Administrator
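The link in the message above looks credible because the recipient's own domain sits at the left of the hostname, while the labels on the right (admin-data.net) decide who actually controls the host. The following mail-filter check is an added example, not part of the original post; example.com is a constructed stand-in for the redacted <mysite>.com, and the function names are hypothetical.

```python
import re
from urllib.parse import urlsplit

# Assumption: the domains your organisation really owns (constructed sample).
TRUSTED_DOMAINS = {"example.com"}
URL_RE = re.compile(r"https?://[^\s<>\"']+", re.IGNORECASE)

# Constructed sample modelled on the spam above, plus one legitimate link.
SAMPLE = (
    "All you have to do is just to click the link provided. That's all."
    "http://updates.example.com.secure.admin-data.net/ssl/"
    "id=731758587-admin@example.com-patch66701.aspx\n"
    "Webmail stays at https://mail.example.com/login.\n"
)

def host_labels(url):
    """Lower-cased hostname labels of a URL, or [] if it has no host."""
    host = urlsplit(url).hostname or ""
    return [label for label in host.rstrip(".").lower().split(".") if label]

def spoofed_domain(url, trusted=TRUSTED_DOMAINS):
    """Return the trusted domain a URL imitates, or None.

    A host belongs to a trusted domain only when its rightmost labels equal
    that domain. If the same labels appear further left, the host is owned
    by whoever controls the labels to their right.
    """
    labels = host_labels(url)
    for domain in sorted(trusted):
        want = domain.lower().split(".")
        n = len(want)
        if labels[-n:] == want:
            return None  # genuinely under a trusted domain
        for i in range(len(labels) - n):
            if labels[i:i + n] == want:
                return domain
    return None

def scan_message(body, trusted=TRUSTED_DOMAINS):
    """List (url, imitated_domain) for each suspicious link in a mail body."""
    hits = []
    for raw in URL_RE.findall(body):
        url = raw.rstrip(".,)")  # drop trailing sentence punctuation
        target = spoofed_domain(url, trusted)
        if target:
            hits.append((url, target))
    return hits

if __name__ == "__main__":
    for url, target in scan_message(SAMPLE):
        print(f"imitates {target}: {url}")
```

The check only covers the dotted-subdomain trick used in this message; lookalikes that rewrite the domain (hyphens, typos) need separate rules.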
Seems that these links direct victims to a site that then installs some nastiness on their PCs:
Threat characteristics of ZBot – a banking trojan that disables firewall, steals sensitive financial data (credit card numbers, online banking login details), makes screen snapshots, downloads additional components, and provides a hacker with the remote access to the compromised system.
(see the entire ThreatExpert report here).
When is the Windows-based malware insanity going to stop? This, folks, is why I have used Linux for my computing needs for the past five years. Brian Krebs at the Washington Post agrees. Anti-virus/anti-malware/personal firewall/PC-prophylactics are not going to stop this kind of thing from happening, so catch the clue-train now and go download a nice Linux distro for your home computer.



