Emails seeded with RXBot variant


Somebody has lately been seeding emails with a variant of the RXBot family. Obviously, they are not from Symantec. And when you click the link, you end up getting redirected to a web page which will initiate an autodownload of a file called "rxBot.exe", which is - you guessed it - a variant of the RXBot family.

A mail like this will pass most corporate email filters. There's no attachment. There's no masked link either, so phishing filters probably won't detect it.

It all comes down to whether the end user can be tricked into clicking the link and accepting the download.
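An added example (not from F-Secure or the original post) of a check that covers the gap described above: it runs the attachment and masked-link tests that such a mail passes, then compares the brand claimed in the From display name with the host the link points to. The message, sender address and `BRAND_DOMAINS` allow-list are constructed, and the link is assumed to point directly at the host this post names.

```python
import re
from email import message_from_string
from email.utils import parseaddr
from urllib.parse import urlparse

# Constructed sample: the post does not reproduce the message, so the headers,
# sender address and body text are made up. Only the link host is from the post.
SAMPLE = """\
From: "Symantec Security Response" <alerts@mailer.example>
To: user@corp.example
Subject: Security update
MIME-Version: 1.0
Content-Type: text/html; charset="us-ascii"

<html><body><p>Please install the latest update:</p>
<a href="http://www.thefive.us/">http://www.thefive.us/</a>
</body></html>
"""

# Hypothetical allow-list: domains each brand legitimately links to.
BRAND_DOMAINS = {"symantec": {"symantec.com"}}

ANCHOR = re.compile(r'<a\s[^>]*href="([^"]+)"[^>]*>(.*?)</a>', re.I | re.S)

def host_of(url):
    return (urlparse(url.strip()).hostname or "").lower()

def in_domains(host, domains):
    # Exact match or true subdomain; "evilsymantec.com" must not match.
    return any(host == d or host.endswith("." + d) for d in domains)

def analyse(raw):
    msg = message_from_string(raw)
    display, _addr = parseaddr(msg.get("From", ""))
    has_attachment = any(p.get_filename() for p in msg.walk())
    body = "".join(p.get_payload(decode=True).decode("ascii", "replace")
                   for p in msg.walk() if p.get_content_type() == "text/html")
    links = ANCHOR.findall(body)
    # Masked link: visible text is a URL naming a different host than the href.
    masked = any(t.strip().lower().startswith("http") and host_of(t) != host_of(h)
                 for h, t in links)
    # Brand mismatch: display name claims a brand, link host is outside its domains.
    mismatch = [host_of(h) for h, _ in links
                for brand, doms in BRAND_DOMAINS.items()
                if brand in display.lower() and not in_domains(host_of(h), doms)]
    return {"attachment": has_attachment, "masked_link": masked,
            "brand_mismatch_hosts": mismatch}
```

On the constructed message the first two checks come back clean and only the brand comparison reports the link host.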

If you're a sysadmin, you might want to block access to www.thefive.us at your firewall right about now (abuse messages have been sent).

F-Secure: News from the Lab

Linked by shanmuga Thursday, 20th October 2005 3:33AM