Symantec Warns of New Wave of Trojan Spam

Share it on Twitter  
Share it on Facebook  
Share it on Linked in  

A new spam campaign making its way around the Internet features a credential-stealing Trojan concealed in attachments with subject titles that look familiar and safe, but they could end up stealing users' banking and other personal information once they're clicked on, according to security vendor Symantec.

In a security advisory Symantec (NASDAQ: SYMC) said the Trojan.Zbot arrives as a .ZIP attachment in an unsolicited email that masquerades as something benign like a birthday invitation, a collection of photos or a resume.

"This Trojan has primarily been designed to steal confidential information, such as online credentials or banking details, but it can be customized to gather any sort of information from the compromised machine," Symantec security researcher Samir Patil wrote in the blog entry.

The attachment file size is 119KB and, according to Patil, often displays pseudo-random file names, such as "lance armstrong.zip," "pricing.zip" or "resume.zip."

Symantec officials said the Trojan.Zbot has thus far been found attached to emails with subject titles, such as "First Birthday Invitation," "Resume & Coverletter Feedback," "Your reservation is confirmed- Ref. 00338/058758" and "Employee Orientation."

Socially engineered malware has become the norm rather than the exception so far in 2010 as hackers improve their infection success rate by designing malware that uses terminology and graphics that are found on popular sites, such as Facebook and Twitter.

The emergence of this approach has coincided with more virulent strains of malware, particularly two-headed Trojans that seek out and disseminate users' passwords, log-in credentials and other banking information.

It's also come amid a surge in overall malware activity. Last week, Symantec's fellow security software vendor McAfee (NYSE: MFE) said that it discovered more than 10 million new pieces of malware in the first six months of this year, an all-time record for any six-month period on record.

To avoid infecting your PC or mobile device with this latest Trojan, Symantec's security team made some familiar recommendations.

"We caution users not to open or click on the links or attachments of emails such as these and to be suspicious of unsolicited email that contains attachments or links," Patil wrote. "Symantec recommends having anti-spam and antivirus solutions installed and up-to-date to prevent the compromise of personal machines or networks."

Larry Barrett is a senior editor at InternetNews.com, the news service of Internet.com, the network for technology professionals.