1. Welcome Guest! In order to create a new topic or reply to an existing one, you must register first. It is easy and free. Click here to sign up now!.
    Dismiss Notice

New Buzus Distribution Campaign Generates Wave Of Fake Emails

Discussion in 'Security Updates' started by starbuck, Jan 25, 2011.

  1. starbuck

    starbuck Administrator - Malware Removal Specialist Administrator

    Joined:
    Sep 26, 2009
    Messages:
    3,825
    Location:
    Midlands, UK
    Operating System:
    Windows 10
    CPU:
    AMD Athlon II x2 250 Processor 3.00GHz
    Memory:
    8gb DDR3
    Hard Drive:
    500gb SATA
    Graphics Card:
    ASUS GeForce GTX 960 2gb
    Power Supply:
    650w PowerCool X-Viper
    . Security researchers from antivirus vendor Sophos warn of a new wave of emails distributing a new variant of the Buzus malware, which masquerade as official communications from major websites.

    Some of the rogue emails pose as a job application response from Google and purport to come from a resume-thanks@google.com address.

    The message contained within reads: "We just received your resume and would like to thank you for your interest in working at Google. This email confirms that your application has been submitted for an open position."

    It goes on to instruct recipients to open the attached file which is allegedly a review of the submitted application.

    The file, called CV-20100120-112.zip, contains an installer for the Buzus worm which spreads by sending the emails through an external SMTP server and copying itself to removable USB devices.

    The malware, detected as W32/AutoRun-BHX by Sophos, is also known to create copies of itself within folders usually shared by P2P applications with names suggesting cracks for popular applications.

    Other Buzus distribution emails masquerade as unread message notifications from Facebook and carry a "Facebook message.zip" file.

    "You have got a personal message on Facebook from your friend. To read it please check the attachment," the rogue emails read.

    Additional spoofed communications which are part of the same campaign purport to come from Twitter, hi5, Amazon and Hallmark. They look identical to a similar wave of rogue emails reported by security vendors in October last year, suggesting that the malware authors only updated the Buzus version.

    "Always be suspicious of unsolicited email attachments, and ensure that your anti-virus protection is up-to-date. Malware campaigns can take different disguises and users must learn to be on their guard," warns Graham Cluley, senior technology consultant at Sophos.


    Source:
    http:/ ews.softpedia.com ews/New-Buzus-Worm-Distribution-Campaign-Generates-Wave-of-Fake-Emails-180235.shtml
     
    Last edited by a moderator: Feb 4, 2014
    starbuck, Jan 25, 2011
    #1

Share This Page