Spyware poses as Microsoft

Creates havoc, steals data and zombifies your computer

Capitalizing on the “Downadup/Conficker” scare, which reminded (please read: taught) people to continuously update their systems with the latest patches and fixes, the current malware exploits people’s fears and ingrained habits when dealing with computer

Microsoft never sends (individual) e-mails announcing the availability of a new fix; it distributes fixes through the automatic update mechanisms built into the operating system, namely Windows Update and Microsoft Update. The current wave of unsolicited messages mimics several characteristics of the Redmond-based company’s security bulletins, such as the general content and formatting, which could easily trick an inexperienced user into following the supposed update link.

Microsoft Phishing

However, upon clicking the link the user is not taken to the Microsoft portal, but to a phony Web page served from a domain registered in Mexico. If the user clicks the download link for the alleged 80 KB Outlook/Outlook Express update, what is actually downloaded is a nasty piece of spyware – Trojan.Spy.ZBot.UO.
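The practical lesson of the two paragraphs above is that the link, not the logo, gives a fake Microsoft notice away: Microsoft does not mail out fixes, and a genuine update link never hands you a .CHM file from a third-party host. The script below is an added example, not code from the original post or from BitDefender; it parses an e-mail, extracts every link from the HTML body and reports the mismatches described here. The Microsoft domain allow-list, the keyword lists and both sample messages are assumptions constructed for the demo.

```python
"""Added example: flag e-mails that pose as Microsoft update notices but link
elsewhere. Domain allow-list and sample messages are constructed assumptions."""
import email
from email import policy
from html.parser import HTMLParser
from urllib.parse import urlparse

# Assumption: a short allow-list of domains Microsoft actually uses.
MICROSOFT_DOMAINS = ("microsoft.com", "windowsupdate.com", "windows.com")
# File types a legitimate "update" link should never serve directly; .chm is
# the disguise the post describes.
SUSPICIOUS_EXTENSIONS = (".chm", ".exe", ".scr", ".zip")
UPDATE_WORDS = ("update", "patch", "fix", "security bulletin")


class LinkExtractor(HTMLParser):
    """Collect (href, visible text) pairs for every <a> element in an HTML body."""

    def __init__(self):
        super().__init__()
        self.links = []
        self._current = None

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._current = [dict(attrs).get("href") or "", ""]

    def handle_data(self, data):
        if self._current is not None:
            self._current[1] += data

    def handle_endtag(self, tag):
        if tag == "a" and self._current is not None:
            self.links.append((self._current[0], self._current[1].strip()))
            self._current = None


def host_belongs_to(host, domains):
    """True if host equals one of the domains or is a subdomain of one."""
    host = host.lower().rstrip(".")
    return any(host == d or host.endswith("." + d) for d in domains)


def analyse_message(raw):
    """Return a list of findings for one raw RFC 822 message; empty means clean."""
    msg = email.message_from_string(raw, policy=policy.default)
    sender = str(msg["From"] or "").lower()
    subject = str(msg["Subject"] or "").lower()
    claims_microsoft = "microsoft" in sender or "microsoft" in subject
    findings = []

    # Microsoft ships fixes via Windows Update / Microsoft Update, never via
    # individual e-mails, so a "Microsoft update" mail is itself a red flag.
    if claims_microsoft and any(w in subject for w in UPDATE_WORDS):
        findings.append("update announced by e-mail; Microsoft does not do that")

    body = msg.get_body(preferencelist=("html", "plain"))
    parser = LinkExtractor()
    parser.feed(body.get_content() if body is not None else "")

    for href, text in parser.links:
        parsed = urlparse(href)
        host = parsed.hostname or ""
        if not host:
            continue  # mailto:, anchors and the like carry no host to judge
        if not host_belongs_to(host, MICROSOFT_DOMAINS):
            if "microsoft" in text.lower():
                findings.append(f"link text says Microsoft but points to {host}")
            elif claims_microsoft:
                findings.append(f"Microsoft-branded mail links to {host}")
        if parsed.path.lower().endswith(SUSPICIOUS_EXTENSIONS):
            ext = parsed.path.rsplit(".", 1)[-1]
            findings.append(f"link downloads a .{ext} file: {href}")
    return findings


def is_suspicious(raw):
    return bool(analyse_message(raw))


# Constructed sample modelled on the wave described above: spoofed sender,
# "Outlook update" subject, link to a non-Microsoft host serving a .chm file.
PHISHING_SAMPLE = """\
From: Microsoft Update <security@microsoft.com>
To: user@example.org
Subject: Microsoft Outlook/Outlook Express update available
Content-Type: text/html; charset="utf-8"

<html><body>
<p>A new update for Outlook / Outlook Express is available.</p>
<p><a href="http://update-portal.example/outlook-update.chm">Download the Microsoft update (80 KB)</a></p>
</body></html>
"""

# Constructed benign sample: a colleague linking to genuine Microsoft docs.
BENIGN_SAMPLE = """\
From: Colleague <colleague@example.org>
To: user@example.org
Subject: Meeting notes
Content-Type: text/html; charset="utf-8"

<html><body><p>Notes are in the wiki; see also
<a href="https://learn.microsoft.com/">the docs</a>.</p></body></html>
"""

if __name__ == "__main__":
    for name, sample in (("phishing", PHISHING_SAMPLE), ("benign", BENIGN_SAMPLE)):
        print(name, "->", analyse_message(sample) or "no findings")
```

Run against the constructed phishing sample the script reports three findings (update announced by mail, Microsoft-branded link text pointing at a foreign host, and a .chm download), while the benign message produces none. The checks are deliberately keyed to the visible mismatch rather than to any particular sender address, because the sender header in the sample is spoofed to look like Microsoft's own, exactly as the real wave did.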

Microsoft phishing

The newest member of the notorious ZBot family is disguised as an innocent-looking .CHM (on-line help) file. Upon launching, it injects code into the winlogon.exe process in order to gain access to core system services, run stealthily on the compromised machine and connect freely to the Internet.

For its spyware purposes, it creates a hidden directory inside the Windows\System32 folder and populates it with three encrypted files. Here it stores the sensitive data it steals from the infected computer, such as login credentials, including, but not limited to, e-banking and e-mail authentication details and content, as well as on-line history. The encrypted files also hold further configuration instructions, remote control and spamming

The high rate of spreading shows that social engineering techniques do pay off, especially during a crisis, and that users’ gullibility could lead to another malware pandemic.

About the author


With a humanities passion and background (BA and MA in Comparative Literature at the Faculty of Letters, University of Bucharest) - complemented by an avid interest for the IT world and its stunning evolution, I joined in the autumn of 2003 the chief editors' team from Niculescu Publishing House, as IT&C Chief Editor, where (among many other things) I coordinated the Romanian version of the well-known SAMS Teach Yourself in 24 Hours series. In 2005 I accepted two new challenges and became Junior Lecturer at the Faculty of Letters (to quote U2 - "A Sort of Homecoming") and Lead Technical Writer at BluePhoenix Solutions.

After leaving BluePhoenix in 2008, I rediscovered "all that technical jazz" with the E-Threat Analysis and Communication Team at BitDefender, the creator of one of the industry's fastest and most effective lines of internationally certified security software. Here I produce a wide range of IT&C security-related content, from malware, spam and phishing alerts to technical whitepapers and press releases. Every now and then, I enjoy scrutinizing the convolutions of e-criminals' "not-so-beautiful mind" and, in counterpart, the new defensive trends throughout posts on

Balancing the keen and until late at night (please read "early morning") reading (fiction and comparative literature studies mostly) with Internet "addiction", the genuine zeal for my bright and fervid students with the craze for the latest discoveries in science and technology, I also enjoy taking not very usual pictures (I'm not a pro, but if you want to see the world through my lenses, here are some samples), messing around with DTP programs to put out some nifty book layouts and wacky t-shirts, roaming the world (I can hardly wait to come back to the Big Apple), and last but not least, driving my small Korean car through the intricacies of our metropolis's traffic.