ZeuS-Related Arrests and the Final Days of SpamIt

Kaspersky Lab experts provide insight into Spam detected in September 2010

By Kaspersky Lab

Users of the LinkedIn social network were the victims of one of the biggest spam attacks in September. The attack saw a host of messages being distributed with a link to ZeuS, a malicious program which has been the focus of many an antivirus company's attention. The messages came in spurts at the end of the month and displayed headings such as “LinkedIn Update”, “LinkedIn Messages” and “LinkedIn Alert”. The body of the message informed recipients about two unread messages.


When a user clicked on the link, their computer was infected with one of the variants of the Trojan-Spy.Win32.Zbot (ZeuS) program. The link to the 'private messages' led either to automatically generated second-level domains in the .info zone or to hacked domains in the .com zone (in the latter case the links ended in 1.html).


The ZeuS theme continued with the arrests of several dozen Eastern Europeans by U.S. and British authorities. They were accused of using ZeuS to steal $70 million over the last eighteen months. The criminals had laundered the money using fake credit cards with credentials they had acquired with the help of ZeuS.


The arrests appear to have forced the other members of the criminal gang to lie low, at least in the USA and the UK, because there was a considerable decrease in the number of Zbot (ZeuS) detections by mail antivirus programs in the territory of these countries on the day of the arrests, 30 September.

The other big event in September was the imminent closure of the vast criminal partner program SpamIt, notorious for its commitment to the Canadian Pharmacy Viagra brand.


“Our spam-related forecasts for October are, on the one hand, positive – the closure of SpamIt at the end of September will no doubt affect the amount of Viagra adverts. On the other hand, the end of the month was marked by a growth in emails containing malicious code, which means the spammers have already switched from advertising pharmaceuticals to spreading malware,” said Maria Namestnikova, Senior Spam Analyst at Kaspersky Lab.



The full version of the spam report for September 2010 is available at www.securelist.com


About Kaspersky Lab:
Kaspersky Lab is the largest antivirus company in Europe. It delivers some of the world's most immediate protection against IT security threats, including viruses, spyware, crimeware, hackers, phishing, and spam. The company is ranked among the world's top four vendors of security solutions for endpoint users. Kaspersky Lab products provide superior detection rates and one of the industry's fastest outbreak response times for home users, SMBs, large enterprises and the mobile computing environment. Kaspersky® technology is also used worldwide inside the products and services of the industry's leading IT security solution providers. Learn more at www.kaspersky.com. For the latest on antivirus, anti-spyware, anti-spam and other IT security issues and trends, visit www.viruslist.com