New Zeus Scam Emails and Download Domains

There are some new Zeus emails going around that folks should be aware of. These emails, as reported by the Securosis blog, pretend to be from a system administrator. The supposed administrator asks recipients to "run SSl updates procedure", as shown below.

Attention!
On October 22, 2009 server upgrade will take place. Due to this the system may be offline for approximately half an hour. The changes will concern security, reliability and performance of mail service and the system as a whole. For compatibility of your browsers and mail clients with upgraded server software you should run SSl certificates update procedure. This procedure is quite simple. All you have to do is just to click the link provided, to save the patch file and then to run it from your computer location. That's all.

http://updates.[cut for safety]

Thank you in advance for your attention to this matter and sorry for possible inconveniences.

System Administrator

A new list of Zeus domains was also recently posted on the MDL, most likely in connection with this scam. All of them point back to the same IP address, 218.93.248.232, and host a patch.exe file.

Here is a list of the domains. Be careful not to follow them without protection. The downloaded file will likely have very low detection rates across virus scanners.


For more information on the Zeus/Zbot trojan, see the post from a couple of weeks ago. This is one of the most dangerous botnets out there, and it is very easy to fall for these scams.
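A log hunt built on the two indicators this post gives, the shared IP address and the patch.exe file name, as an added example that is not from the original post or from the MDL. The proxy log format, host names and client addresses are constructed for illustration.

```python
import ipaddress
from urllib.parse import urlsplit, unquote

# Indicators taken from the post: the shared hosting IP and the payload name.
ZEUS_IP = ipaddress.ip_address("218.93.248.232")
PAYLOAD_NAME = "patch.exe"

# Constructed sample lines in an assumed proxy log format:
# timestamp client_ip method url resolved_ip status
SAMPLE_LOG = """\
2009-10-22T09:14:02Z 10.0.4.17 GET http://updates.mail.example/patch.exe?id=1 218.93.248.232 200
2009-10-22T09:15:40Z 10.0.4.22 GET http://intranet.example/index.html 192.0.2.10 200
2009-10-22T09:16:11Z 10.0.4.31 GET http://files.example/tools/Patch.EXE 198.51.100.7 200
2009-10-22T09:17:55Z 10.0.4.17 GET http://updates.mail.example/ 218.93.248.232 403
malformed line
"""

def classify(line):
    """Return (severity, client, url) for a suspicious line, else None."""
    parts = line.split()
    if len(parts) != 6:
        return None  # skip lines that do not match the assumed format
    _ts, client, _method, url, resolved, status = parts
    try:
        ip_hit = ipaddress.ip_address(resolved) == ZEUS_IP
    except ValueError:
        return None
    # Compare only the last path segment, case-insensitively, ignoring the query.
    filename = unquote(urlsplit(url).path).rsplit("/", 1)[-1].lower()
    name_hit = filename == PAYLOAD_NAME
    if ip_hit and name_hit and status.startswith("2"):
        return ("downloaded", client, url)  # payload was fetched: examine this host first
    if ip_hit:
        return ("contacted", client, url)   # link was followed, payload not confirmed
    if name_hit:
        return ("review", client, url)      # same file name elsewhere: weak signal
    return None

def hunt(log_text):
    """Classify every line and keep only the suspicious ones, in log order."""
    return [hit for hit in map(classify, log_text.splitlines()) if hit]

if __name__ == "__main__":
    for severity, client, url in hunt(SAMPLE_LOG):
        print(f"{severity:10} {client:12} {url}")
```

Matching on the resolved IP catches every domain in the campaign, including ones not yet on any list, while the file name alone is only a prompt for manual review.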


Credit to Securosis blog for the email and MDL for the domain list!
 
