Stratfor subscribers targeted by malware-ridden emails

Share this article:

A letter addressed to the stolen email addresses of Stratfor customers claims to be a helpful reminder of malware scams, but is actually bait to spread the Zbot trojan.

The devastating breach of global affairs firm Stratfor last last year continues to reap rewards for its purveyors.

As members of Anonymous sort through the 5.2 million plundered emails to find evidence of secret correspondences among the intelligence, military and government sectors, more financially motivated hackers are again on the attack.

This time, according to the Microsoft Malware Protection Center on Monday, online miscreants are leveraging the stolen subscriber list -- complete with names and emails  of 860,000 people -- to send malware-infested messages.

Security researcher Rodel Finones said the emails arrive with an attachment, titled "stratfor.pdf." Clicking on the attachment opens a letter directed to "Stratfor readers" that, ironically, claims to warn them of the possibility that phishers may send them emails containing viruses. 

To remedy themselves, recipients are encouraged to click on a dubious link contained in the letter, one which leads to a compromised site hosted overseas, possibly in Turkey or Poland, which attempts to distribute a variant of the Zbot, or Zeus, trojan.

Zbot is known for its ability to siphon information from a compromised user's machine.

As a result of this wave of malicious emails, Stratfor is implementing a no-link-or-attachment rule when sending emails to subscribers, CEO George Friedman said in an apology letter.

"Be assured," he wrote. "Our website -- Stratfor.com -- is the most secure place for you to interact with us. You can visit us by typing Stratfor.com into your browser."

Late last month, Austin, Texas-based Stratfor was hit with a $50 million lawsuit from customers whose credit card information was lost in the attack, according to published reports.

Share this article:

Sign up to our newsletters

More in News

Brazilian president signs internet 'Bill of Rights' into law

Brazilian president signs internet 'Bill of Rights' into ...

President Dilma Rousseff signed the legislation on Wednesday at the NetMundial conference in Sao Paulo.

Android trojan sends premium SMS messages, targets U.S. users for first time

Android trojan sends premium SMS messages, targets U.S. ...

An SMS trojan for Android, known as FakeInst, has been observed sending premium SMS messages to users all over the world, including, for the first time, the United States.

Report: DDoS up in Q4 2013, vulnerability scanners leveraged to exploit sites

Report: DDoS up in Q4 2013, vulnerability scanners ...

Researchers observed 346 DDoS attacks in the final quarter of 2013 and attackers used Vega and Skipfish vulnerability scanners to exploit web flaws at financial companies.