Google Groups no longer supports new Usenet posts or subscriptions. Historical content remains viewable.
Dismiss

"a new settings file for" - receivedt it only by chance, or the first sign of a large scale A new settings file for the ablaugerei.lemke@t-online.de has just been releasedcampaign?

0 views
Skip to first unread message

Gabriele Neukam

unread,
Oct 15, 2009, 11:24:01 AM10/15/09
to

Today I received a mail that had the subject "A new settings file for
the (notmyownlocalpart)@t-online.de has just been released", which
according to VT contained the downloader for a trojan horse.

http://www.virustotal.com/de/analisis/2246dccc8dca8e8c3a708b99971d027ef64e129d02ab1456cd58aa8abdde4de1-1255615960

How many of you got them, too? Avira calls it a ZBot variant and says
it will steal banking data, see
http://www.avira.com/en/threats/section/fulldetails/id_vir/4543/tr_spy.zbot.9164.1.html

Microsoft identifies it as FakeRean which is a fake/rogue "antivirus".
Weird.

Googling for the sequence of the first five words already provides a
considerable number of hits, and none of the linked entries seems to be
older than three weeks. Is this a new spamrun / attack of a certain
malware group?


Gabriele Neukam

Gabriele.Spam...@t-online.de

--
No I am not a troll. Just a beginner and lazy!!!!!!!!!!!
(leepeach in alt.comp.virus, asked why (s)he was repeatedly asking the
same question)


FromTheRafters

unread,
Oct 15, 2009, 1:48:27 PM10/15/09
to
See Virus Guy's post about "Interesting example of social-engineering
trojan hook"

...whatever that means

"Gabriele Neukam" <Gabriele.Spam...@t-online.de> wrote in
message news:hb7ep6$2di$00$1...@news.t-online.com...

0 new messages