World HOt toPPIX

The Microsoft Malware Protection Center Blog provides information on viruses, worms and other malware and spyware and explains how Microsoft antivirus products help protect your computer.

The Microsoft Safety Scanner is a free downloadable security tool that provides on-demand scanning and helps remove viruses, spyware, and other malicious software. It works with your existing antivirus software.

The Microsoft Security Response Center (MSRC) identifies, monitors, resolves, and responds to Microsoft software security vulnerabilities.

Cybercriminals are continuing to use a social engineering trick to lure users for their malware campaigns. This time, they targeted customers of Stratfor - a subscription-based provider of geopolitical analysis. Attacks against Stratfor clients began after a reported breach of their customer database.

The spammed email contains an attached PDF file named "stratfor.pdf". Upon opening the PDF file, it displays the following content, with a reference to using security software to scan for the fictional "Win32Azee virus":

The link displayed in the emails appears legitimate at first glance, but looking closely at the target address, you notice that it doesn't originate from the address in the email text. Stratfor is based in Texas, United States however the download URL is located somewhere in Turkey. A sample of another PDF file contained a download link for yet another compromised site, this time in Poland.

Clicking on the link, Adobe Reader will display a warning message asking you to verify if you trust the website. The file for download is actually a Win32/Zbot variant, which Microsoft already detects as PWS:Win32/Zbot.gen!R. The malicious PDF file is detected as Trojan:Win32/Pdfphish.A.