For over a year, the Rock Phish Gang was using the Avalanche botnet to host their various phishing scams and malware distribution sites. Fortunately, the botnet was shutdown last week – how long remains to be seen. Unfortunately, the Rock Phish Gang have not gone away.
These criminals continue to distribute their Zeus trojans and steal funds from banking accounts. They have resorted to the old tactic of attaching the malware file directly to the email.
Recent scam emails have targeted Verizon Wireless and Vodafone with emails claiming that “Your credit balance is over its limit”. Today’s scam announces that “your mailbox has been deactivated” (despite sending you a message to your mailbox!).
In all three cases, the emails contain a .zip file which contains a Zeus banking trojan. Currently, this trojan is detected by 22 of 41 antivirus products according to VirusTotal. The malware also “phones home” to the same servers previously seen in Rock phish zeus malware. Details in this ThreatExpert report.