ZeuS Spreading via Facebook Friends Request
New spamming campaign has been reported by Trend micro. This type of malware is spreading through Facebook. The downloaded malware is another type of Zbot, also called Zeus a Trojan horse that attempts to steal confidential information from the compromised computer. It may also download configuration files and updates from the Internet.
Malware spreads by sending messages to victims that includes Facebook friend request notification. When user clicks to approve the friend request link opens a page that invites him to install the latest version of Adobe Flash Player. But here the link takes user to install TSPY_ZBOT.FAZ instead of Adobe Flash Player.
This spyware adds registry entries to enable its automatic execution at every system startup. It attempts to steal information, such as user names and passwords, used when logging into certain banking or finance-related websites.
Generally Trojan.Zbot files are used to compromise computers is generated using a special toolkit that is available in marketplaces for online criminals. Toolkit allows an attacker a high degree of control over the functionality of the final executable that is distributed to targeted computers.
The Trojan itself is primarily distributed through spam campaigns and drive-by downloads, though given its versatility, other vectors may also be utilized. The user may receive an email message purporting to be from organizations such as the FDIC, IRS, MySpace, Facebook, or Microsoft.