Analysis by: Neil Yves Pondo

Trend Micro researchers spotted spammed messages that contain an attachment bearing details of winning a prize from Google, in line with the company's supposed 12th anniversary. As mentioned, the email uses the Google name as the sender. The message instructs the recipient to open the attachment to get details of claiming prizes. Note that Google celebrated its 13th year in 2011.



When the attachment is opened, malware detected as TSPY_ZBOT.JHD is executed on the recipient's system. ZBOT, also known as ZEUS, malware steals information specifically related to finance or online banking credentials. It monitors browser address bars and is triggered when users access specific finance or banking-related sites. It sends all information gathered unknowingly to a remote site.



As always, users should never open email attachments that are from untrusted or unknown users. Verify claims of winning direct with company sites or through customer service telephone numbers.

 SPAM BLOCKING DATE / TIME: 02 июня 2012 GMT-8
 TMASE
  • TMASE Engine: 6.8
  • TMASE Pattern: 8944