M86 Security Labs
RSS feed of TRACElabs Blog from M86 Security

Srizbi's Important Document

 

September 24, 2008

This week the Srizbi botnet is sending spam claiming to contain an important document in an attachment. The attached zip file is password protected and contains the file doc.exe. The required password is included in the message.
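Password protection keeps a gateway from inspecting the contents of doc.exe, but traditional zip encryption leaves the entry names and the per-entry encryption flag readable without the password. The sketch below is an added example, not code from the original post or from any M86 product: it flags zip attachments whose encrypted entries have executable extensions. The sample message, the password `12345`, the attachment name and the extension list are constructed assumptions.

```python
import io
import zipfile
from email.message import EmailMessage

EXECUTABLE_EXTS = (".exe", ".scr", ".pif", ".com")  # assumed blocklist, not from the post

def make_sample_message():
    """Constructed sample: zip attachment holding doc.exe, flagged as encrypted."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_STORED) as zf:
        zf.writestr("doc.exe", b"MZ constructed placeholder, not a real program")
    raw = bytearray(buf.getvalue())
    # zipfile cannot write encrypted archives, so set general-purpose flag bit 0
    # by hand: offset 6 in the local header, offset 8 in the central directory.
    raw[6] |= 0x01
    raw[raw.find(b"PK\x01\x02") + 8] |= 0x01
    msg = EmailMessage()
    msg["Subject"] = "Important document"
    msg.set_content("Please see the attached document. Password: 12345")
    msg.add_attachment(bytes(raw), maintype="application", subtype="zip",
                       filename="document.zip")
    return msg

def scan_message(msg):
    """Return one finding per encrypted zip entry with an executable extension."""
    body = msg.get_body(preferencelist=("plain",))
    # Heuristic: the lure has to tell the recipient the password somewhere.
    password_in_body = body is not None and "password" in body.get_content().lower()
    findings = []
    for part in msg.iter_attachments():
        data = part.get_payload(decode=True) or b""
        if not zipfile.is_zipfile(io.BytesIO(data)):
            continue
        with zipfile.ZipFile(io.BytesIO(data)) as zf:
            for info in zf.infolist():  # reads the central directory only
                encrypted = bool(info.flag_bits & 0x1)
                if encrypted and info.filename.lower().endswith(EXECUTABLE_EXTS):
                    findings.append({
                        "attachment": part.get_filename(),
                        "entry": info.filename,
                        "password_in_body": password_in_body,
                    })
    return findings

if __name__ == "__main__":
    print(scan_message(make_sample_message()))
```
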

 

 


As with several previous executables sent from Srizbi, doc.exe installs a rogue anti-virus program and a copy of the Srizbi bot. In this case the rogue anti-virus program is XP antivirus 2008, which claims to have detected hundreds of virus infections on the victim’s machine but won’t remove them until the user pays for the full version. In the background, the Srizbi bot silently sends out thousands of spam emails.

 



Malicious spam currently accounts for almost 10 percent of all spam. This has come down in recent weeks from its peak at just over 35 percent. We have also noticed that executable attachments have slightly increased, while links in spam to executable files have decreased.

MailMarshal customers are protected from these spam messages with SpamCensor version 269.

 


Last Reviewed: September 24, 2008 by Gavin Neale