Stratfor subscribers targeted by password-stealing malicious emails

Summary: Cybercriminals are quick to capitalize on the Stratfor database leak, and are currently spamvertising malicious emails impersonating the company.

Researchers from Barracuda Labs have intercepted a malicious email campaign impersonating the company. The emails use the subject “Stratfor: Beware of false communications” and contain a PDF file that entices end users and corporate users into downloading an antivirus package (supposedly McAfee).

Detected as PWS-Zbot.gen.ry, the bogus antivirus package harvests stored passwords from infected hosts and sends them back to the command and control server. The malware also scans the local hard drive for .PDF, .XLS and .DOC files and uploads them to a remote site over the File Transfer Protocol (FTP).

Users are advised to avoid interacting with the emails, and immediately report them as spam/malicious.
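The document collection described above (.PDF, .XLS and .DOC files uploaded over FTP) leaves a recognisable trace in egress logs. The following is an added detection sketch, not code from Barracuda Labs or the original article; the log format, the internal address ranges, the threshold and all sample lines are assumptions constructed for illustration.

```python
import ipaddress
from collections import defaultdict

DOC_EXTS = (".pdf", ".xls", ".doc")  # file types the article says are collected
INTERNAL_NETS = [ipaddress.ip_network(n)  # assumed internal address space
                 for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# Constructed sample log, format: <time> <src_ip> <dst_ip> <ftp_command> <argument>
SAMPLE_LOG = """\
2024-01-01T10:00:01 10.0.0.21 203.0.113.50 USER anonymous
2024-01-01T10:00:03 10.0.0.21 203.0.113.50 STOR Q4_forecast.XLS
2024-01-01T10:00:04 10.0.0.21 203.0.113.50 STOR contract.pdf
2024-01-01T10:00:05 10.0.0.21 203.0.113.50 STOR board notes.doc
2024-01-01T10:00:06 10.0.0.21 203.0.113.50 STOR notes.txt
2024-01-01T10:02:00 10.0.0.35 10.0.0.5 STOR report.pdf
2024-01-01T10:02:01 10.0.0.35 10.0.0.5 STOR report2.pdf
2024-01-01T10:02:02 10.0.0.35 10.0.0.5 STOR report3.pdf
2024-01-01T10:05:00 10.0.0.40 198.51.100.7 STOR invoice.pdf
2024-01-01T10:05:09 10.0.0.40 198.51.100.7 RETR update.zip
"""

def is_internal(ip):
    addr = ipaddress.ip_address(ip)  # raises ValueError on a malformed address
    return any(addr in net for net in INTERNAL_NETS)

def find_document_uploads(log_text, threshold=3):
    """Return {(src, dst): [files]} for internal hosts that sent at least
    `threshold` document files to an external FTP server."""
    uploads = defaultdict(list)
    for line in log_text.splitlines():
        parts = line.split(None, 4)  # keep spaces inside the file name
        if len(parts) != 5 or parts[3].upper() != "STOR":
            continue
        _, src, dst, _, name = parts
        if not name.strip().lower().endswith(DOC_EXTS):
            continue
        try:
            outbound = is_internal(src) and not is_internal(dst)
        except ValueError:
            continue  # skip lines with unparsable addresses
        if outbound:
            uploads[(src, dst)].append(name.strip())
    return {pair: files for pair, files in uploads.items() if len(files) >= threshold}

if __name__ == "__main__":
    for (src, dst), files in find_document_uploads(SAMPLE_LOG).items():
        print(f"ALERT {src} -> {dst}: {len(files)} document uploads: {files}")
```

Internal-to-internal transfers and single uploads stay below the alert, so the threshold should be tuned against normal FTP use on the network being monitored.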

About

Dancho Danchev is an independent security consultant and cyber threats analyst, with extensive experience in open source intelligence gathering, and cybercrime incident response. He's been an active security blogger since 2007, and maintains a popular security blog sharing real-time threats intelligence data with the rest of the community.
