
"a new settings file for" - received it only by chance, or the first sign of a large scale spam campaign?


Gabriele Neukam

Oct 15, 2009, 11:25:31 AM

(Replaces <hb7ep6$2di$00$1...@news.t-online.com>)

Today I received a mail that had the subject "A new settings file for
the (notmyownlocalpart)@t-online.de has just been released", which
according to VT contained the downloader for a trojan horse.

http://www.virustotal.com/de/analisis/2246dccc8dca8e8c3a708b99971d027ef64e129d02ab1456cd58aa8abdde4de1-1255615960

How many of you got them, too? Avira calls it a ZBot variant and says
it will steal banking data, see
http://www.avira.com/en/threats/section/fulldetails/id_vir/4543/tr_spy.zbot.9164.1.html

Microsoft identifies it as FakeRean which is a fake/rogue "antivirus".
Weird.

Googling for the sequence of the first five words already provides a
considerable number of hits, and none of the linked entries seems to be
older than three weeks. Is this a new spamrun / attack of a certain
malware group?


Gabriele Neukam

Gabriele.Spam...@t-online.de

--
Often those who most loudly proclaim their freedom to choose in some
fields are the most retentive about 'correcting' others' choices in
other fields.
(Brian Brunner in alt.games.diablo2)

