Symantec Security Response is currently monitoring a wave of email spam that contains a threat detected by Symantec as Trojan.Zbot. This Trojan arrives as a .zip attachment in an email that purports to contain a legitimate attachment, such as a birthday invitation, photos, or resume. However, the attached zipped executable file is a malicious threat. The attachment file size is 119 KB and can have a pseudo-random file name such as “lance armstrong.zip,” “NH ESS Access Guidelines (2).zip,” “pricing.zip,” “invitation.zip,” “Resume.zip,” “Allhotels.zip,” "ARICertificate-C4H736 + FVM4X48.zip," or "Inv 2985 Cool Cash App.zip." This Trojan has primarily been designed to steal confidential information, such as online credentials or banking details, but it can be customized to gather any sort of information from the compromised machine. The email may have one of the following subject lines: Subject: Beauty and the Geek 2 Subject: fill this Passport Form Subject: First Birthday Invitation Subject: In USA on August 15 and 16 Subject: Picture sizes Subject: Resume & Coverletter - Feedback Subject: Status Subject: Employee Orientation Subject: Your reservation is confirmed - Ref: 00338/058758 Subject: Garages Subject: Picture sizes Subject: Another candidate brought to you Subject: Sales Dept Data gathered in the Symantec Probe Network shows that .zip attachment spam fluctuated around six percent of total spam until August 5. On August 8, the volume spiked up to 13 percent of total spam: Symantec is protecting its customers with predictive heuristics, by publishing new security definitions, and designing “Dayzero” filters for early detection of viruses and worms. We caution users not to open or click on the links or attachments in emails such as these, and be suspicious of unsolicited email that contains attachments or links. Symantec recommends having anti-spam and antivirus solutions installed and up to date to prevent the compromise of personal machines or networks. ----------------- Note: (20 August 2010) This blog has been updated to include the data trending graph.