According to internet security software vendor Commtouch, so-called "zombie PCs" -- PCs infected with malware that can turn them into unwitting hosts and distribution points for malware, viruses, and other malevolent software -- are on the increase.
A blog post by Commtouch security researcher Avi Turiel points out that the number of zombie IP addresses (both static and dynamic) has increased significantly, driven in part by malware disguised as official email communication from FedEx or UPS. (Images courtesy of the Commtouch “zombie lab.”)
Here are more details from Avi's post:
Initially the attachments were “UPS package notifications”. Then the subjects changed focus to “DHL package notifications”. The zip attachment however, remained “UPS.exe” leading us to conclude that DHL were transporting UPS malware. And now (the most logical step we suppose..) the subjects have changed to FedEx package notifications. The attached “document.zip” file still extracts to “UPS.exe”. The body text is actually an image served from a variety of fast changing domains. The body of the email includes random text with a 1-point font size and white color. In this example the text reads “fwa dp ud gn vbg we ayf zv ole” (yes – that’s quite random…)
Given the recent flood of malware, admins would be wise to make sure their anti-virus and anti-malware solutions and policies are up to date.
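The traits described in Avi's post (a zip attachment that extracts to an executable, near-invisible filler text, and a body that is a remotely served image) can each be checked at a mail gateway. The following Python sketch is an added example, not code from Commtouch or from the original post; the function names, extension list, regex and sample addresses are assumptions, and the test message is constructed.

```python
import io, re, zipfile
from email import message_from_bytes
from email.message import EmailMessage

EXEC_EXT = (".exe", ".scr", ".com", ".pif")  # assumed list of risky extensions
# Inline style with a 0-1pt font or white text, like the hidden filler described above
HIDDEN_STYLE = re.compile(
    r"font-size\s*:\s*[01]p[tx]|(?<![-\w])color\s*:\s*(?:white|#fff(?:fff)?)\b", re.I)

def inspect_message(raw: bytes) -> list[str]:
    """Return heuristic findings for one raw RFC 5322 message."""
    findings = []
    for part in message_from_bytes(raw).walk():
        name = (part.get_filename() or "").lower()
        if name.endswith(".zip"):
            data = part.get_payload(decode=True) or b""
            try:
                with zipfile.ZipFile(io.BytesIO(data)) as zf:
                    for member in zf.namelist():  # list names only, never extract
                        if member.lower().endswith(EXEC_EXT):
                            findings.append(f"zip {name} contains executable {member}")
            except zipfile.BadZipFile:
                findings.append(f"zip {name} is unreadable")
        elif part.get_content_type() == "text/html":
            charset = part.get_content_charset() or "utf-8"
            html = (part.get_payload(decode=True) or b"").decode(charset, "replace")
            if HIDDEN_STYLE.search(html):
                findings.append("html body has tiny or white text")
            if re.search(r"<img[^>]+src=[\"']?https?://", html, re.I):
                findings.append("html body loads a remote image")
    return findings

def build_sample() -> bytes:
    """Constructed test message; the zip holds a harmless text stub named UPS.exe."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("UPS.exe", b"not a real executable")
    msg = EmailMessage()
    msg["Subject"] = "FedEx package notification"
    msg["From"], msg["To"] = "sender@example.com", "user@example.com"
    msg.set_content("see html part")
    msg.add_alternative('<img src="http://images.example.com/body.png">'
                        '<span style="font-size:1pt;color:white">fwa dp ud gn vbg</span>',
                        subtype="html")
    msg.add_attachment(buf.getvalue(), maintype="application", subtype="zip",
                       filename="document.zip")
    return msg.as_bytes()

if __name__ == "__main__":
    print("\n".join(inspect_message(build_sample())))
```

These are heuristics: white text and remote images also appear in legitimate marketing mail, so the findings are better used to score or quarantine a message than to reject it outright.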
Have any thoughts or suggestions on how to stem the zombie hordes? Add a comment to this blog post or start a discussion on Twitter. Follow Jeff James on Twitter at @jeffjames3