September 17th, 2008

U.S Schools Are Targeted In Malware Spam Campaign

MessageLabs intercepted a targeted, email-borne malware attack on US schools and government organizations starting in early September. The majority of the targets are located in New Mexico, Virginia, Illinois and Hawaii. The attack comprised more than 1000 emails from only 15 source IP addresses, most of which were located in the former Soviet Union on consumer-based address ranges, signaling that the attacks are the result of a botnet that may be looking to expand.

Analysis reveals that the distribution lasted almost two days and used social engineering techniques to deliver the malware, Trojan-Spy.Win32.Zbot.ele, both as an executable email attachment and as a link within an email, disguised as a Microsoft Windows Update. There were three similar attacks targeting US schools, businesses and state governments. According to MessageLabs, these attacks may be deploying the Antivirus XP 2008 malware.

The attackers are taking advantage of hosts already infected with malware and using them as stepping stones for launching the attacks. Eventually, U.S.-based infected hosts are used to launch targeted attacks against U.S. schools and organizations.

Criminals are putting more effort into the quality assurance of their campaigns by localizing the spam message to the native language of the recipients, which they know from the segmented, sector-specific email databases they have already purchased. However, in this particular targeted attack they seem to have underestimated the personalization of the emails and, despite the obvious segmentation of potential victims, relied on average social engineering tactics more suitable for a large-scale malware campaign.

The victim count from these attacks is over 15,000 corporate users in 15 months. Victims include Fortune 500 companies, government agencies, financial institutions and legal firms. In these attacks, the goal is to gain access to corporate banking information, customer databases and other information to facilitate cyber crime. Two groups of attackers have carried out 95 percent of these attacks.
