Published On: Fri, May 30th, 2014

Malicious Spam this April – The Trojan Matryoshka


Kaspersky Lab has detected to a certain extent from its quarter, a lot of huge malicious attacks in April camouflaged as faxes being sent by the popular online fax service eFax, which allows users to be able to send as well as receive faxes by means of email attachments. The fake messages from their end generally comprised a notification regarding an incoming fax, and to be more persuasive, it would indicate the number of pages in the fax. Nevertheless, the zip file actually contained malware, particularlyTrojan-Downloader.Win32.Cabby.a — a somewhat small Trojan downloader that from its part carries a CAB file in its body with the document or graphic that is displayed to the recipient after launching. Despite the fact that the victim is busy viewing the attachment, Cabby furtively downloads an additional threat. In the cases being observed, the secondary malicious program was from the same rampant ZeuS/Zbot family (Trojan-Spy.Win32.Zbot.shqe).

The Story so far was that – Malicious attachments in the month of April arrived masquerading as e-greetings as well as notifications about faxes. In the episode entailing the former, alleged Easter greetings turned out to be the Fareit.aonw Trojan braced with fairly limited functionality: however from its part these didn’t attempt to steal any passwords, but did download as well as propelled into action a far more dangerous Zbot Trojan-Spy designed to attack servers plus snip personal data. The second instance from its barrio entailed fake messages sourced from that of a popular online fax service. The messages in turn contained a small Trojan downloader that installed the same spy program from the stables of the infamous Zeus/Zbot family.

The Saga of Phishing so far

The consortium of organizations most frequently targeted by phishers in April was ‘Email and search engine sites’, accounting for 31.9% of attacks. ‘Social networks’ stood at second place by way of 23.8% (a drop of 0.2 percentage points). ‘Financial and payment organizations’ arrived third with 13% (0.2 percentage points less than March).

The target of the working month remained a large Chinese telecommunications company known as Tencent that, in the midst of other things, makes available tech support for the QQ instant messaging client. Scammers from their barrio tried to get client logins as well as passwords making use of some acquainted tricks as for instance telling users to follow a link to restore access to their account. The real deal here was that the link actually directed towards a phishing site. The notification here was sent as an image, which facilitated it to circumvent spam filters and made the email appear more valid.

“Last month, we saw a new wave of so-called pump and dump spam. The scammers behind these mailings advertised offers to buy stock in a certain company at super low prices, which were allegedly meant to increase considerably in the near future. As a result, the demand for the stock in the company rose, the prices became artificially inflated — and the scammers would then sell off their stock in said company. The stock prices would then begin to fall, and the bamboozled investors were left with depreciated shares and lost their investments. As a rule, scammers tend to choose little known companies for these schemes, where the stock is traded on a secondary market. In April, they used Rich Pharmaceuticals, a US company,” remarked Tatyana Shcherbakova, Senior Spam Analyst at Kaspersky Lab.

About the Author

Jawed Akhtar

- A Journalist by interest and a Music Enthusiast by passion. Wedded to Mother Nature, Jawed indulges his aesthetics in travelling and reading books of varied genres. Having covered News stories for top Dailies in his formative years, that is, he is game for tryst with Technology at Techmagnifier.

Malicious Spam this April – The Trojan Matryoshka