ZBOT/ZEUS Now Attached in Fake Notification Messages

 Analysis by: Emmanuel Nisperos

Recent spam attacks using ZBERP, a variant of the ZBOT/ZEUS malware, involve spammed messages containing links that download a ZIP file containing ZBERP. The emails, which pretend to be notifications from UPS, contain not only links to the malware but also an attachment disguised as a PDF file. ZBERP is malware that combines characteristics of ZBOT/ZEUS and CARBERP, both of which are designed to steal user information.

Trend Micro products detect and block messages from these spam campaigns. Malware attachments are also detected and blocked even before they execute on the computer.

 SPAM BLOCKING DATE / TIME: March 21, 2014 GMT-8
 TMASE INFO
  • ENGINE:7.5
  • PATTERN:0580