New Spam Tactic Leverages Hijacked .edu Websites for Proliferating Zeus

According to PhishMe the security company, one fresh spam mail run is leveraging hijacked .edu domains as it disseminates the notorious banker Trojan ZeuS.

Senior Researcher Ronnie Tokazowski from PhishMe explains that the spam mails in their new trick serve malicious program via certain university domain. The idea is to exploit universities' trustworthiness involved in dispatching legitimate e-mails while security agencies don't backlist the IP addresses of such educational institutions. Most usually, universities run their bandwidths faster than others for suiting the huge student numbers going online, accessing the popular American video-sharing service Netflix as well as playing Internet games, the researcher continues. Infosecurity-magazine.com published this dated November 3, 2014.

Tokazowski in addition states that the spam mail run came to the notice of PhishMe when suspicious e-mails in great numbers led onto another fresh, bigger-sized assault. This new phishing assault's traffic had the .edu domain-name appearing very prominent.

Reportedly, the university name being exploited within the spam attack in discussion presently has 25,000-30,000 regular students, according to Tokazowski.

He notes that when any trustworthy source maintains plentiful bandwidth, it becomes a very good platform for attackers in utilizing it for delivering malware. Within the current attack, there mayn't have been a direct assault on the university; however, the particular attackers may've hacked into a computer that was installed inside the university compound Tokazowski posts on his company's blog. Phishme.com published this dated October 31, 2014.

Incidentally, PhishMe was able to identify the American university's name abused within the e-mail scam, although pointed out that the messages were given as appearing correspondences confirming some payment.

The attackers resorted to zip file having certain executable. The clues of the hijack can be obtained via a hunt for traffic destined for a 155 IP address, incoming electronic mails originating from Hotmail, alternatively messages based from off the topic.

In the end, PhishMe hasn't just tracked the aforementioned American university, which scammers targeted within the recent months. Another one in September 2014 was also tracked that involved phishing against the staff as well as students at Toledo, Ohio, US situated University of Toledo.

» SPAMfighter News - 11/13/2014