Apple Invoice Spam Delivers Zeus/ZBot Trojan


Sophos researchers are warning of a new spam campaign of relatively convincing fake Apple invoices that redirect recipients to the Blackhole exploit kit.

"The online criminals who circulated the fake invoices are using a form of social engineering where users think they are being billed for an expensive product they never bought. ... If a user clicks on any of the links contained in the email they are taken to a page proclaiming to be the IRS telling them their browser is unsupported -- a typical Blackhole exploit trick -- and [offering] a range of browser options," writes Silicon Republic's John Kennedy.

"This is typically used to exploit vulnerabilities in Java, Adobe Reader and Adobe Flash Player, Sophos warns, which can lead to systems getting infected by a Zeus/Zbot Trojan," writes IT PRO's Caroline Donnelly. "However, if none of the exploits work, users are instructed to download a more recent version of their web browser, which contains a copy of the Zeus banking Trojan. 'The end result is that users' Windows computers are infected by malware that can log keystrokes and compromise bank accounts,' said Sophos."

"It is always a bad idea to click links that appear in our inboxes, but we may be more likely to do so when we think we are being charged for an illegitimate transaction," writes Sophos' Chester Wisniewski. "Don't do it. Like anything else, always be suspicious of things that come to you and use a trusted external method of verification. ... This is especially important advice at this time of year, as we typically see increased criminal activity during the Christmas season. Be on your guard."