by Dave Michmerhuizen & Luis Chapetti – Security Researchers
A bill from your cell phone company is routine, right? What about when the amount is unexpected – something like $954.19? That would sure get your attention, wouldn’t it? Assuming your carrier was Verizon, you might just find yourself anxiously clicking on one of the links in this convincing email.
That would certainly be a mistake. Every link in this email leads to sites that host the Blackhole exploit kit, a web application that bombards your browser with malicious code that attempts to assume control and download malware. That is just what happened in our test environment. After a series of attacks was delivered, a copy of Trojan.Zbot was downloaded.
The newest version of a well-known password stealer, Trojan.Zbot monitors your web browsing traffic looking for any username / password pairs, particularly ones associated with online banking, and quietly passes them back to a command and control center via a distributed peer-to-peer network.
As we repeatedly advise in this blog – Never click on links in emails.
You simply cannot tell when they might be good – or phishing – or outright malicious, like these. Always open a fresh browser window and type in the name of the website you want to visit.
Barracuda Networks customers using the Barracuda Spam & Virus Firewall are protected from these emails. Barracuda Web Filters and the Barracuda Web Security Flex service stop the download of this threat.