Thursday, October 20, 2005

F-Secure: Link-based RBot seeding

Mikko writes over on the F-Secure "News from the Lab" Blog:


Somebody has lately been seeding emails like the one pictured below.



Obviously, they are not from Symantec. And when you click the link, you end up getting redirected to a web page which will initiate an autodownload of a file called "rxBot.exe", which is - you guessed it - a variant of the RBot family.

A mail like this will pass most corporate email filters. There's no attachment. There's no masked link either, so phishing filters probably won't detect it.

It all goes down to whether the end user can be tricked to click on the link and accept the download or not.

If you're a sysadmin, you might want to block access to www.thefive.us at your firewall right about now (abuse messages have been sent).

...and a trojan called W32om3/1.bbc? Oh come on, give me a break!
