Policy violation letters trick SMB workers into downloading malware

A recent spam wave detected by Bitdefender tricks employees at small and medium-sized businesses (SMBs) into downloading Zbot or Zeus via letters that accuse them of breaking company policy.

The malware steals banking credentials as well as financial usernames and passwords, and email and FTP information. Bitdefender discovered that the wave began accelerating a week ago, after “dozens of unique .ARJ compressed files” infected computers.

Using ARJ-compressed files to distribute malware, heretofore a rarity, is growing in popularity, in part because the archives are easily opened by a number of zip file software programs.

Because that compression system is used infrequently, “spammers very well may think of it as a new method to avoid being detected by traditional security” solutions, Bitdefender antispam researcher Adrian Miron said in a release.
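For mail filtering, the ARJ attachments described above can be flagged by content rather than by file extension. The following is an added example, not code from Bitdefender or from this article; the function names and the sample messages are constructed for illustration, and the check is a heuristic based on the ARJ header id (bytes `60 EA`) and the format's maximum basic header size.

```python
import email
from email import policy
from email.message import EmailMessage

ARJ_MAGIC = b"\x60\xea"   # ARJ header id 0xEA60, stored little-endian
ARJ_MAX_HEADER = 2600     # largest basic header size the ARJ format allows


def looks_like_arj(data: bytes) -> bool:
    """Heuristic: ARJ magic followed by a plausible basic header size."""
    if len(data) < 4 or data[:2] != ARJ_MAGIC:
        return False
    size = int.from_bytes(data[2:4], "little")
    # A size of 0 marks end-of-archive, so it is not valid at offset 0.
    return 0 < size <= ARJ_MAX_HEADER


def find_arj_attachments(raw_message: bytes) -> list:
    """Return (filename, declared type) for every MIME part that is ARJ by content."""
    msg = email.message_from_bytes(raw_message, policy=policy.default)
    hits = []
    for part in msg.walk():
        if part.is_multipart():
            continue
        payload = part.get_payload(decode=True) or b""  # undoes base64/QP
        if looks_like_arj(payload):
            hits.append((part.get_filename() or "<unnamed>",
                         part.get_content_type()))
    return hits


def build_sample(filename: str, payload: bytes) -> bytes:
    """Constructed test message; not a real sample from the campaign."""
    m = EmailMessage()
    m["From"] = "hr@example.com"
    m["To"] = "employee@example.com"
    m["Subject"] = "Policy violation notice"
    m.set_content("Please review the attached document.")
    m.add_attachment(payload, maintype="application",
                     subtype="octet-stream", filename=filename)
    return m.as_bytes()


if __name__ == "__main__":
    # Constructed ARJ-like header under a misleading .doc name.
    fake_arj = ARJ_MAGIC + (40).to_bytes(2, "little") + b"\x00" * 40
    print(find_arj_attachments(build_sample("notice.doc", fake_arj)))
```

Matches are worth routing to quarantine or sandboxing regardless of the attachment's declared name or MIME type, since the check reads the decoded bytes themselves.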
