Thursday, February 10, 2011

Scanned Documents Spreading ZBot

Four PDF vulnerabilities exploited all in the “good” name of yet another Zbot spam campaign

You know printers. I know you do, and you use them regularly if not daily. They sit in a corner of your office and spit out pages whenever you tell them to. Some of these printers can also send scanned documents via e-mail, and I’ll bet that not all of you know about this feature, let alone use it. Well, cyber criminals do know about it, and they have even found a way to use it for their ill-intended actions.

And here’s how: the malware writers took the e-mail template that office printers and scanners use for scan-to-e-mail and used it to distribute…well…spam. More to the point, they “distribute” e-mails disguised as scanned documents sent by a Xerox® WorkCentre Pro scanner, each carrying a malicious attachment posing as a harmless PDF file.

And the attachment is a wolf in sheep’s clothing. The claimed Xerox WorkCentre Pro scanned document is in fact a malformed PDF file that exploits four Adobe® Acrobat Reader® vulnerabilities: Collab.collectEmailInfo (CVE-2007-5659), util.printf (CVE-2008-2992), Collab.getIcon (CVE-2009-0927) and media.newPlayer (CVE-2009-4324). All of them are old by now, and all of them lead to remote code execution.

This malformed PDF file is on a new mission these days: to spread the Zbot.
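To show how a defender might triage an attachment like this before anyone opens it, here is an added example, not code from the original post or from any vendor: a small Python script that decodes hex-escaped PDF names (a common trick to hide /JavaScript), inflates FlateDecode streams, and reports references to the four Reader JavaScript APIs named above. The PDF it builds for the demonstration is constructed for this example and contains only a harmless API call name, not exploit code.

```python
import re
import zlib

# The four Adobe Reader JavaScript APIs named in the post, mapped to their CVE ids.
SUSPICIOUS_APIS = {
    "Collab.collectEmailInfo": "CVE-2007-5659",
    "util.printf": "CVE-2008-2992",
    "Collab.getIcon": "CVE-2009-0927",
    "media.newPlayer": "CVE-2009-4324",
}

NAME_HEX = re.compile(rb"#([0-9A-Fa-f]{2})")
# (?<!end) stops the "stream" inside "endstream" from starting a bogus match.
STREAM = re.compile(rb"(?<!end)stream\r?\n(.*?)endstream", re.S)
JS_KEY = re.compile(rb"/JS(?![A-Za-z])")


def normalize_names(data: bytes) -> bytes:
    """Decode #xx escapes so an obfuscated /Java#53cript reads as /JavaScript."""
    return NAME_HEX.sub(lambda m: bytes([int(m.group(1), 16)]), data)


def inflate_streams(data: bytes) -> bytes:
    """Return the data plus the inflated content of every zlib (FlateDecode) stream."""
    parts = [data]
    for m in STREAM.finditer(data):
        try:
            # decompressobj tolerates the newline that precedes 'endstream'.
            parts.append(zlib.decompressobj().decompress(m.group(1)))
        except zlib.error:
            pass  # not Flate-encoded or corrupt: nothing to add
    return b"\n".join(parts)


def triage_pdf(data: bytes) -> dict:
    """Static triage: report JavaScript, auto-run actions and known-bad API names."""
    text = normalize_names(inflate_streams(data))
    has_js = b"/JavaScript" in text or JS_KEY.search(text) is not None
    has_auto = b"/OpenAction" in text or b"/AA" in text
    apis = {api: cve for api, cve in SUSPICIOUS_APIS.items() if api.encode() in text}
    if apis:
        verdict = "suspicious: known exploit API referenced"
    elif has_js and has_auto:
        verdict = "suspicious: JavaScript runs automatically"
    else:
        verdict = "no indicators"
    return {"has_javascript": has_js, "has_auto_action": has_auto,
            "apis": apis, "verdict": verdict}


def build_sample(js: bytes, obfuscate: bool = True) -> bytes:
    """Constructed test document (not real malware): a minimal PDF whose
    OpenAction runs the given JavaScript out of a FlateDecode stream."""
    body = zlib.compress(js)
    action = b"/Java#53cript" if obfuscate else b"/JavaScript"
    parts = [
        b"%PDF-1.4\n",
        b"1 0 obj << /Type /Catalog /Pages 2 0 R /OpenAction 3 0 R >> endobj\n",
        b"2 0 obj << /Type /Pages /Kids [] /Count 0 >> endobj\n",
        b"3 0 obj << /Type /Action /S " + action + b" /JS 4 0 R >> endobj\n",
        b"4 0 obj << /Length " + str(len(body)).encode() + b" /Filter /FlateDecode >>\n",
        b"stream\n" + body + b"\nendstream\nendobj\n",
        b"trailer << /Root 1 0 R >>\n%%EOF\n",
    ]
    return b"".join(parts)


# Constructed clean document: no JavaScript and no automatic actions.
CLEAN_PDF = (b"%PDF-1.4\n"
             b"1 0 obj << /Type /Catalog /Pages 2 0 R >> endobj\n"
             b"2 0 obj << /Type /Pages /Kids [] /Count 0 >> endobj\n"
             b"trailer << /Root 1 0 R >>\n%%EOF\n")

if __name__ == "__main__":
    # The script only names the API; it is not exploit code.
    sample = build_sample(b'var ic = Collab.getIcon("x");')
    print(triage_pdf(sample))
    print(triage_pdf(CLEAN_PDF))
```

The order matters: streams are inflated first so that API names hidden inside compressed objects become visible, and names are normalized afterwards so that both the raw dictionary and any inflated nested objects are checked. A document that references one of the four APIs, or that runs any JavaScript automatically on open, is worth holding for a closer look regardless of what the covering e-mail claims.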

A short reminder of how ZBot operates: also known as Zeus, ZeusBot or WSNPoem, it is a Trojan designed to steal sensitive information. It tampers with certain processes and adds exceptions to the Microsoft® Windows® Firewall so that it has both backdoor and server capabilities. On the one hand, ZBot ships out critical data gathered from the compromised computer; on the other hand, it listens on certain ports for further commands from remote attackers.

The latest variants are also able to steal bank-related information, login data, the history of visited Web sites and other details the user types in, while also capturing screenshots of the compromised machine's desktop.

Always keep your anti-virus product up to date to help protect you against this type of malicious spyware.

Click Computers – Computer Repair Utah
Click Computers is Utah’s Onsite Computer Repair Specialists for your Home and Business.
