
SANS ISC: InfoSec Handlers Diary Blog



New variation of SSL Spam

Published: 2009-10-14
Last Updated: 2009-10-14 18:25:16 UTC
by David Goldsmith (Version: 1)

We've received numerous emails about this already today.  This is an update to a diary we did earlier this week.

The body of the spam today is:

  Dear user of the <some company> mailing service!

  We are informing you that because of the security upgrade of the mailing
  service your mailbox (<user>@<some company>) settings were changed. In
  order to apply the new set of settings click on the following link:

The email contains a link to a file to download.  Some of the files we have seen are:

  settings-file.exe   MD5:  0244586f873a83d89caa54db00853205
  settings-file2.exe  MD5:  e6436811c99289846b0532812ac49986

The files are being detected by some anti-virus software programs at this time as Zbot variants.
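
Because anti-virus coverage is only partial, a direct sweep for the two files listed above is useful. The following is an added example, not part of the original diary: it walks a directory tree, flags files whose MD5 matches either published value, and also flags files that carry the same name with a different hash. The `settings-file*.exe` pattern and the function names are assumptions made for this example.

```python
import fnmatch
import hashlib
import os

# MD5 values and file names published in the diary above.
DIARY_MD5 = {
    "0244586f873a83d89caa54db00853205": "settings-file.exe",
    "e6436811c99289846b0532812ac49986": "settings-file2.exe",
}
# Assumption: other downloads in this spam run follow the same naming scheme.
NAME_PATTERN = "settings-file*.exe"


def md5_of(path, chunk_size=1 << 20):
    """Hash a file in chunks so large files are not read into memory."""
    digest = hashlib.md5()
    with open(path, "rb") as handle:
        for chunk in iter(lambda: handle.read(chunk_size), b""):
            digest.update(chunk)
    return digest.hexdigest()


def sweep(root, known_md5=DIARY_MD5, name_pattern=NAME_PATTERN):
    """Return sorted (path, reason) pairs for files under root that match."""
    findings = []
    for folder, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(folder, name)
            try:
                digest = md5_of(path)
            except OSError:
                # Locked or vanished files are reported, not silently skipped.
                findings.append((path, "unreadable"))
                continue
            if digest in known_md5:
                # Hash match catches a known sample even if it was renamed.
                findings.append((path, "md5 match: " + known_md5[digest]))
            elif fnmatch.fnmatch(name.lower(), name_pattern):
                # Same name, different hash: treat as a possible new variant.
                findings.append((path, "name match, unknown md5 " + digest))
    return sorted(findings)


if __name__ == "__main__":
    import sys
    for path, reason in sweep(sys.argv[1] if len(sys.argv) > 1 else "."):
        print(path, reason, sep="\t")
```

Run it against download folders, browser caches and mail attachment stores. A name match with an unknown MD5 is worth submitting for analysis rather than dismissing.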

Thanks Jon, Frank, iTinker, Nick and others for your reports on this.