Trojan-Pushu « Webroot Threat Blog

New Bank Phisher Brings Added Functionality, Problems

February 23, 2011 – 4:23 pm

By Andrew Brandt I didn’t want to let too much time pass before I wrote about a new Zbot-like bank phishing Trojan variant that came across my desk last week. The keylogger started arriving the first week of February as an attachment to a spam email designed to look like it came from United Parcel [...]

By mguthrie09 | Posted in Botnet activity, Downloaders, Keyloggers, phishing, Phishing Trojans, social engineering, spam, Stupid malware tricks, Threat Research | Tags: Bank of America, Capital One, Chase, cheburash.com, Cutwail, eveningquest.com, HKEY_CURRENT_USER\Software\Microsoft setiasworld, nightphantom.com, Rapport, romanspamer.com, The Adventures of Cheburashka and Crocodile Gena, Trojan-Backdoor-Downfall, Trojan-Backdoor-Poebot, Trojan-Pushu, Trusteer, TRxGM, United Parcel Service notification, USPS_Document.zip | Comments (2)

Keylogger Poses as Document from Spain’s Central Bank

June 21, 2010 – 2:06 pm

By Andrew Brandt An attempt to push down the Trojan-Backdoor-Zbot password thief to Spaniards may signal a new wave of attacks by a crew of attackers who spent the better part of 2009 trying to convince gullible Internet users in different countries to download and execute Zbot installers poorly disguised as transaction records or other [...]

By mguthrie09 | Posted in Keyloggers, Phishing Trojans, social engineering, Stupid malware tricks, Threat Research | Tags: Banco de España, BdE, declaracion.exe, descargar declaración, download statement, Trojan-Backdoor-Zbot, Trojan-Pushu, Zbot, Zeus | Comments (2)

Spammed Trojan Won’t Run Under Windows XP

June 14, 2010 – 2:07 pm

By Andrew Brandt While it is far from the first Trojan ever to simply fail to execute under Windows XP, it definitely caught our eye that a variant of Trojan-Downloader-Tacticlol distributed last week in a spam campaign only fully executed under Windows Vista or newer operating systems. It may have been just a fluke, but [...]

By mguthrie09 | Posted in social engineering, spam, Stupid malware tricks, Threat Research | Tags: Hide File Extensions for Known File Types, HKLM\software\classes\idid, Pushu, Statement_of_Fees_2009-2010.DOC.exe, Statement_of_Fees_2009-2010.zip, Sysinternals Antivirus, Tacticlol, TDSS, Trojan-Agent-TDSS, Trojan-Backdoor-TDSS, Trojan-Downloader-Tacticlol, Trojan-Pushu, TRxGM, Zbot | Comments (3)

Fake Amazon.com Order Emails Bring a Trojany “Friend”

May 17, 2010 – 4:37 pm

By Andrew Brandt An ongoing campaign where malware distributors use email spam to deliver dangerous programs to unwitting victims has begun to change its tune, switching the scam to incorporate different brands. In the latest scam, the message appears to be an order confirmation from Amazon.com for the purchase of an expensive consumer electronics item, [...]

By mguthrie09 | Posted in Destructive behavior, Downloaders, social engineering, spam, Stupid malware tricks, Threat Research | Tags: Amazon.com, itunes, Oficla, Pushdo, Pushu, Sasfis, shipping confirmation, Sony Bravia S8056, Tacticlol, Trojan-Backdoor-Zbot, Trojan-Downloader-Tacticlol, Trojan-Pushu, Zbot | Comments (7)

Trojan Masquerades as iTunes Gift or Résumé

May 12, 2010 – 10:06 am

By Andrew Brandt If you received one or more email messages over the past week that claim to contain an attached gift certificate for the Apple iTunes store or an unsolicited résumé, you probably received the latest scam involving the Tacticlol downloader. The iTunes-themed spam messages use the forged return address of gifts.certificate@itunes.com and read, [...]

By mguthrie09 | Posted in Stupid malware tricks, Threat Research, Phishing Trojans, social engineering, spam | Tags: Cutwail, Pushdo, Trojan-Pushu, Tacticlol, Oficla, Sasfis, You have received an iTunes Gift Certificate in the amount of $50.00. You can find your certificate code in the attachment below, Please review my CV, Thank you!, iTunes Gift Certificate, UPS_invoice_####.exe, DHL_label_nr###.exe, Resume_document_###.exe, iTunes_certificate_###.exe, c99 madShell v. 3.0 Blog edition, c99madShell, gifts.certificate@itunes.com | Comments (2)

Getting a “Conract” Doesn’t Make You a Rock Star

April 30, 2010 – 2:01 pm

By Andrew Brandt If you’re a rock-and-roll star, anticipating the imminent arrival of a new recording contract from your lawyer, you can stop reading this post. If you’re not, I’m sorry to be the one to tell you, it was not your hours of practice playing Rock Band, or singing in the shower, that attracted [...]

By mguthrie09 | Posted in Stupid malware tricks, Threat Research, social engineering, Destructive behavior | Tags: Pushu, Pushdo, Trojan-Pushu, Tacticlol, Our lawyers made alterations on the last page, we are ready to make the payment on Friday for the first consignment, We are enclosing the file with the prepared contract, Trojan-Downloader-Tacticlol, Oficla, Sasfis, Fregee, Losabel | Comments (4)

Pushu Variant Spams Hotmail, Cracks Audio Captchas

March 22, 2010 – 5:01 am

By Andrew Brandt A new version of Trojan-Pushu is doing some interesting stuff to bypass captchas used by Microsoft’s Hotmail/Live.com/MSN webmail services in order to spam people with links to malicious Yahoo Groups pages. The three-year-old spy (known by a variety of other aliases, including Cutwail, Pushdo, Diehard, and Rabbit) has always been, primarily, a [...]

By mguthrie09 | Posted in spam, Stupid malware tricks, Threat Research | Tags: audio captcha, Become more emancipated man, captcha, Cutwail, Diehard, God wants you to look this hot photos right now!, Hacked Blackbook, Hotmail, Keep posting such photos on facebook, Live.com, Look at these delineations!, MSN, Pushdo, Pushu, Rabbit, spam, spambot, Trojan-Pushu, You are looking so manhood on your delineations. | Comments (8)

Follow

Follow “Webroot Threat Blog”

Powered by WordPress.com