Fake Medical Lab Emails Lead to ZBOT

A medical laboratory result is the subject for another spamming campaign observed by Trend Micro. The fake email attaches a document file that exploits Microsoft office vulnerability MSCOMCTL.OCX RCE  (CVE-2012-0158).

According to Trend Micro the spoofed message includes the following:

“Hello, Further to our telephone conversation, please to details attached in response to your medical information enquiry.

I have been advised that you can contact them and they should be able to assist you.”

allerganScreenshot for the Fake Email

The Trojan in the attachment will drops and executes BKDR_LIFTOH.AD which will download and install Zeus malware that is used by cybercriminals to grab login credentials for online financial websites.  The attack is varied so it starts with the spam and may lead to propagation on social network and instant messaging protocols.

Trend Micro is reporting two more cases on the same blog post that are targeting British users and suggest the following “Users should always take extra precaution when dealing with e-mail attachments. Email from unknown senders should be ignored or immediately deleted. For important transactions such as purchases or account information, it’s best to confirm with an official representative.”

Notify of
Inline Feedbacks
View all comments