Comments on: Spamvertised Verizon-themed ‘Your Bill Is Now Available’ emails lead to ZeuS crimeware

By: Fake ‘Verizon Wireless Statement” themed emails lead to Black Hole Exploit Kit | Webroot Threat Blog - Internet Security Threat Updates from Around the World

Thu, 21 Feb 2013 13:34:26 +0000

[...] customers across the globe in an attempt to trick them into interacting with the fake emails. Throughout 2012, we intercepted two campaigns pretending to come from the company, followed by another campaign [...]

By: Spamvertised ‘Your Recent eBill from Verizon Wireless’ themed emails serve client-side exploits and malware « Webroot Threat Blog – Internet Security Threat Updates from Around the World

Fri, 04 Jan 2013 13:10:08 +0000

[...] 2012, we intercepted two malicious campaigns impersonating Verizon Wireless in an attempt to trick its customers into clicking on links pointing [...]

By: Cybercriminals impersonate Verizon Wireless, serve client-side exploits and malware « Webroot Threat Blog – Internet Security Threat Updates from Around the World

Sat, 27 Oct 2012 07:01:00 +0000

[...] last time we intercepted a Verizon Wireless themed malicious campaign was in March 2012. We expect to see more campaigns impersonating this company, thanks to the [...]

By: Spamvertised ‘US Airways reservation confirmation’ themed emails serve exploits and malware « Webroot Threat Blog

Tue, 18 Sep 2012 07:00:35 +0000

[...] then, we found an identical campaign structure between the US Airways themed campaign and the “Spamvertised Verizon-themed ‘Your Bill Is Now Available’ emails lead to ZeuS crimeware” ; “Spamvertised LinkedIn notifications serving client-side exploits and malware“ campaigns, [...]

By: ddanchev

ddanchev — Wed, 18 Jul 2012 13:15:13 +0000

Hi Betty,

Basically, once the client-side exploitation take place, a copy of the Pony malware will be dropped on the infected hosts. It will actively look for accounting data on the infected PC and send it back to the cybercriminals. It will then downloading its secondary payload, which in this case is the ZeuS crimeware aiming to steal online banking credentials and hijack online banking sessions.

Even if Webroot SecureAnywhere somehow missed any of the malicious files participating in the campaign, its behavior-blocking technology would pick up the malicious attempts to execute, and block them.

Thanks,
Dancho

By: Betty Bealler

Betty Bealler — Wed, 18 Jul 2012 02:36:40 +0000

Sorry need to speak in laymans’ terms. What would the Verizon themed ‘your bill is now available’ actually do to my pc? And since I have webroot would I be protected from this? As I had something infect my contact list twice in the past two months and send out bogus/spam emails to all of my contacts with links. I’m guessing something may have slipped past the security?

By: Spamvertised ‘Your Amazon.com order confirmation’ emails serving client-side exploits and malware « Webroot Threat Blog

Wed, 13 Jun 2012 15:09:28 +0000

[...] Spamvertised Verizon-themed ‘Your Bill Is Now Available’ emails lead to ZeuS crimeware [...]

By: A peek inside a managed spam service « Webroot Threat Blog

A peek inside a managed spam service « Webroot Threat Blog — Thu, 17 May 2012 17:20:15 +0000

[...] How does the service differentiate itself from the rest of the propositions within the cybercrime ecosystem? By emphasizing on key core competencies such as managed QA (quality assurance) ensuring that the message about the get spammed will successfully bypass anti-spam filters. Next to this option, the service also offers the availability of graphic designers capable of producing custom layouts on request. Not surprisingly, thanks to the fact that the service is build around the concept of anonymity, a customer could easily request the design of spam templates impersonating Google, Facebook, USPS, LinkedIn, U.S Airways, or Verizon Wireless. [...]

By: Spamvertised ‘US Airways’ themed emails serving client-side exploits and malware « Webroot Threat Blog

Tue, 03 Apr 2012 19:08:20 +0000

[...] launched by the same gang of cybercriminals that recently launched the following campaigns “Spamvertised Verizon-themed ‘Your Bill Is Now Available’ emails lead to ZeuS crimeware” ; “Spamvertised LinkedIn notifications serving client-side exploits and [...]