F-Secure : News from the Lab
Link-based RXBot seeding
Somebody has lately been seeding emails like the one pictured below.
Obviously, they are not from Symantec. And when you click the link, you get redirected to a web page which initiates an automatic download of a file called "rxBot.exe", which is - you guessed it - a variant of the RXBot family.
A mail like this will pass most corporate email filters. There's no attachment. There's no masked link either, so phishing filters probably won't detect it.
It all comes down to whether the end user can be tricked into clicking the link and accepting the download.
If you're a sysadmin, you might want to block access to www.thefive.us at your firewall right about now (abuse messages have been sent).
...and a trojan called W32om3/1.bbc? Oh come on, give me a break!
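The filter gap described in this post, as an added example (not F-Secure's code): an attachment check and a masked-link check both come up empty on such a mail, while comparing the brand named in the From header with the hosts the links point to flags it. The brand-to-domain table, the sender address and the sample message are constructed assumptions; only the blocked hostname comes from the post.

```python
from email import message_from_string
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlparse

# Assumption: brands your users trust, mapped to domains those brands really use.
BRAND_DOMAINS = {"symantec": ("symantec.com",)}

# Constructed sample: brand name in From, no attachment, link text equals href.
SAMPLE = """\
From: "Symantec Security" <alerts@mailer.example>
Subject: Security update
Content-Type: text/html; charset="us-ascii"

<p>Install the latest update:
<a href="http://www.thefive.us/">http://www.thefive.us/</a></p>
"""

class Links(HTMLParser):
    # Collects (href, visible text) for every anchor in an HTML body.
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, ""
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href") or "", ""
    def handle_data(self, data):
        if self._href is not None:
            self._text += data
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, self._text.strip()))
            self._href = None

def owned(host, brand):
    return any(host == d or host.endswith("." + d) for d in BRAND_DOMAINS[brand])

def analyze(raw):
    # Returns the two classic filter verdicts plus the brand/link comparison.
    msg, parser = message_from_string(raw), Links()
    for part in msg.walk():
        if part.get_content_type() == "text/html":
            parser.feed(part.get_payload(decode=True).decode("ascii", "replace"))
    sender = " ".join(parseaddr(msg["From"])).lower()
    claimed = [b for b in BRAND_DOMAINS if b in sender]
    hosts = [urlparse(h).hostname for h, _ in parser.links]
    return {
        "attachment": any(p.get_filename() for p in msg.walk()),
        "masked_link": any(t.startswith("http") and t != h for h, t in parser.links),
        "brand_link_mismatch": sorted({h for h in hosts if h for b in claimed if not owned(h, b)}),
    }
```

On the constructed sample, `analyze(SAMPLE)` reports no attachment and no masked link, and lists `www.thefive.us` under `brand_link_mismatch`.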