There is a new twist on the IRS emails that have been delivering zbot and other threats over the last month. In some new emails, reports Gary Warner, the link contained in the message is to Geocities.
An example from the CyberCrime & Doing Time blog:
hxxp://geocities.com/FreddyCampbell36/ohuloc.htm
While the users will ultimately end up at the commonly used http://www.irs.gov.blah.blah.co.uk/fraud_application/directory/statement.php?etc... type url, the attackers are now using Geocities as an intermediary.
This makes it increasingly difficult for spam and av scanners to detect the malicious URL and block the email from reaching unsuspecting users. Warner reported that a VirusTotal scan showed very low detection rate - another repackaged zbot to bypass detection.
For more information, including a list of dangerous URLs visit the CyberCrime & Doing Time blog!
http://garwarner.blogspot.com/2009/10/irs-zeus-via-geocities.html
Blogs focused on Web Security and Converged Threats
Twitter Updates
Labels
- banking (1)
- blackhat seo (1)
- blogger (1)
- botnets (5)
- cybersecurity (1)
- firefox (1)
- fraud (1)
- malicious sites (2)
- malware (4)
- misc (1)
- phishing (1)
- scam (3)
- security apps (3)
- twitter (1)
- web security (3)
- websense (2)
Subscribe
Blog Archive
-
▼
2009
(14)
-
▼
October
(9)
- Banking and Virus Scanning with a Live CD
- Obama Stresses Cybersecurity Awareness
- New Zeus Scam Emails and Download Domains
- New Twist on IRS Spam
- Green Cloud Security Firefox Add-On Collection
- Spike in Blackhat SEO: Websense Monthly Report
- Comcast Monitoring Users for Malware and Botnet Ac...
- Web Threats Booming: APWG First Half Report
- Evolution....New Multi-Function Trojan
-
▼
October
(9)
