Cutwail’s Poorly Written Code Leads to Heavy SSL Traffic
This past week, we posted some of Cutwail’s recent spamming activity. As we were digging into the elevated levels of Cutwail activity, the researchers over at Shadowserver posted on the unusual SSL traffic originating from infected hosts.
Cutwail Spamming for Russian Spammers
Spam continues to clog the internet, with providers reporting that spam makes up 80% – 95% of all email content en route. It's an ongoing problem into 2010, so last week we examined the active spambot Tedroo, some of its suspicious behaviors, one of its anti-debug/anti-RE techniques, and its spam delivery.
Bredolab Downloading a Different Banking Password Stealer
As a follow-up to our early January Bredolab email blast warning, this post presents technical details and functionality of the payload accompanying the delivery notice and invoice attachment.
F-Secure's Exploit Shield Blocks the "Aurora" Exploit
Microsoft recently announced a new vulnerability in certain versions of its Internet Explorer web browser. If exploited, the vulnerability (CVE-2010-0249) can allow remote code execution.
Announcement of this vulnerability follows on the heels of last week's targeted zero-day attacks against a number of companies.
First iPhone Worm Found
We have located the first iPhone worm, dubbed Ikee. It's currently spreading in the wild, but it's only able to infect devices that have been "jailbroken" by their owners. Jailbreaking removes the iPhone's protection mechanisms, allowing users to run any software they want.
Affected users will find that their iPhone wallpaper has been altered to a picture of Rick Astley (of Rickroll fame) and the message "ikee is never going to give you up".
Zbot: Not Your Typical Malware
Who Fell for the Facebook Password Reset Scam Yesterday?
Unfortunately, a lot of people didn’t realize that the email and attachment we posted yesterday was not really from “The Facebook Team”. ThreatFire users were protected from the Bredolab downloader and its Zbot payload, and it’s a good thing too. Here is some information on who fell for it by country:
Silentbanker reloaded
It's been a while since we last looked at and analysed a Silentbanker Trojan in October 2008, and we have been writing about it on our blog at http://www.trustdefender.com/blog for some time.
No Microsoft FTP Module 0day, but Spybot/Kolab Exploits
We've been waiting for some stats to come rolling in, but we haven't seen a hint of a 0day worm, or any attacks for that matter, targeting the current Microsoft FTP module 0day.
Your Computer is Infected!, Probably Because of that Bredolab Attachment
Last week's Bredolab post generally described the downloader's ongoing email blasts and the malicious injector/downloader's static and dynamic characteristics. Here are a few more screenshots of the moneymaker payload. This payload is currently the rogueware/scareware "PC AntiSpyware 2010", which has also been distributed in a number of other ways over the past few months.