Stratfor subscribers targeted by passwords-stealing malicious emails

Stratfor subscribers targeted by passwords-stealing malicious emails

Summary: Cybercriminals are quick to capitalize on the Stratfor database leak, and are currently spamvertising malicious emails impersonating the company.

SHARE:
TOPICS: Collaboration
0

Cybercriminals are quick to capitalize on the Stratfor database leak, and are currently spamvertising malicious emails impersonating the company.

Researchers from Barracuda Labs have intercepted a malicious email campaign impersonating the company. Using  “Stratfor: Beware of false communications” subjects, the emails contain a PDF file enticing end and corporate users into downloading an antivirus package (supposedly McAfee).

Detected as PWS-Zbot.gen.ry, the bogus antivirus package will harvest stored passwords from the infected hosts and send them back to the command and control server. Moreover, the malware will scan the local hard drive for .PDF, .XLS and .DOC files, and will upload them to a remote site, relying on the File Transfer Protocol (FTP).

Users are advised to avoid interacting with the emails, and immediately report them as spam/malicious.

Topic: Collaboration

Dancho Danchev

About Dancho Danchev

Dancho Danchev is an independent security consultant and cyber threats analyst, with extensive experience in open source intelligence gathering, malware and cybercrime incident response.

Kick off your day with ZDNet's daily email newsletter. It's the freshest tech news and opinion, served hot. Get it.

Talkback

0 comments
Log in or register to start the discussion