FYI...
More Malicious SPAM from Pushdo...
-
http://www.marshal.c...hesection=traceMarch 18, 2009 "...
> Phishing -
Pushdo is currently one of the
major botnets responsible for sending Phishing spam. For the past few weeks, it has been
targeting Paypal, USBank and Fifth Third Bank customers to lure users into opening links from spam and logging on to a legitimate looking websites... More recently, a
Bank Of America spam attack was caught by our spam traps - again sent by Pushdo. The email tells you that the automatic installation of a Bank of America certificate failed and needs manual installation. Opening the link from the message body will open a website that provides an "instruction video" on how to install the "certificate". Of course, it needs "
Adobeflashplayer.exe" to view it. But please be wary,
the executable file is a password stealing Trojan horse...
> Social Networking website brands like
Classmates and Facebook are also used by Pushdo. Its modus operandi is to send you a fake video invitation. Upon opening the URL link the website will
require you to download a fake video codec or flash version which, again, is
actually a Trojan Horse...
> Malicious Attachments - Pushdo is one of the few botnets that regularly
distibutes spam with malicious attachments. Themes vary, but recent
themes include fake invoices and airline ticket confirmations. The email usually asks you to open a ZIP-compressed attachment for you to print. The .ZIP
attachment contains a password stealing Trojan Horse that hides its appearance by using a Microsoft Excel icon...
> Scams - Our spam traps also receive scam emails offering part-time and remote employment. Pushdo uses variations of subject lines like:
• Experience employment: Manager (Remote, part-time vacancy; 2500 USD/month)
• Experience long-term employment: Accountant (Remote, part-time vacancy; 2500 USD/month)
• Part time Manager (Remote vacancy; 2500 USD/month)
• Newly opening Accountant (Remote, part-time vacancy; 2500 USD/month)
• Experience employment: Accountant (Remote, part-time vacancy; 2500 USD/month)
> Valentine's Day Theme - And lastly, approximately 20% of the spam Pushdo currently sends is still using a Valentine's Day theme. At least for this botnet, everyday is Valentine's day..."
(Screenshots available at the URL above.)