Spam campaign makes offerings to Zeus

18 January 2013

The widespread banking trojan/botnet known as Zeus is continuing to throw its malware-infested thunderbolts at unsuspecting users, this time through a wide-net spam campaign.

SophosLabs’ Graham Cluley said in a blog post that the company is intercepting a high number of bogus emails advising recipients that they have a “secure message.” The mail urges them to open up the attached ZIP file, which, of course, executes the trojan.

“The notorious ZBot family of malware (also known as Zeus) can hijack your computer, making it part of a criminal botnet,” Cluley noted. “Over the past few years, cybercriminals have used different versions of ZBot to steal money from online bank accounts, log-in details for social networking sites and email/FTP information.”

Zeus is well-known for using keylogging, a simple but effective tactic that allows the botnet operator to monitor people’s online activity and gain access to usernames and passwords in order to steal identities, withdraw money and make online purchases. “Experts believe these botnets are responsible for nearly half a billion dollars in damages,” Stuart Aston, Microsoft UK’s chief security advisor, told Infosecurity last year, after the company took down 800 domains associated with the Zeus botnet.

The emails have the subject line of "You have received a secure message," while the body reads:

Read your secure message by opening the attachment, SECUREDOC. You will be prompted to open (view) the file or save (download) it to your computer. For best results, save the file first, then open it.

If you have concerns about the validity of this message, please contact the sender directly. For questions about Key's email encryption service, please contact technical support at 888.764.7941.

It even includes a few social engineering tactics to make the whole affair seem more legitimate:

First time users - will need to register after opening the attachment.
Help -
About IronPort Encryption -

“It's easy to understand why recipients might be duped into believing that they have really received a secure message like the one shown above, and might be fooled into opening the attachment, and running the malicious executable contained within,” Cluley said. “Always think carefully before opening an unsolicited email attachment.”
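
An added example, not from the article or from Sophos: a mail-gateway style check for the pattern described above, the quoted subject line plus a ZIP attachment that carries an executable. The extension list, function names, addresses and the `SECUREDOC.zip` / `SECUREDOC.exe` file names are assumptions constructed for the sample, and the attachment holds only inert placeholder bytes.

```python
import io
import zipfile
from email import message_from_bytes, policy
from email.message import EmailMessage

# Extensions Windows runs directly; an assumed, non-exhaustive list.
EXECUTABLE_EXTS = (".exe", ".scr", ".pif", ".com", ".bat", ".cmd", ".js", ".vbs")
LURE_SUBJECT = "you have received a secure message"  # subject quoted in the article


def zip_executables(data):
    """Names of executable-looking members in a ZIP blob ([] if not a ZIP)."""
    try:
        with zipfile.ZipFile(io.BytesIO(data)) as zf:
            # Member names are readable even when the archive is encrypted.
            return [n for n in zf.namelist() if n.lower().endswith(EXECUTABLE_EXTS)]
    except zipfile.BadZipFile:
        return []


def inspect_message(raw):
    """Check one raw message for the lure subject and ZIP-wrapped executables."""
    msg = message_from_bytes(raw, policy=policy.default)
    subject = str(msg.get("Subject", "")).strip().lower()
    hits = []
    for part in msg.iter_attachments():
        payload = part.get_payload(decode=True) or b""
        # Inspect by content, not by the claimed filename or MIME type.
        hits += [(part.get_filename() or "", name) for name in zip_executables(payload)]
    return {"lure_subject": subject == LURE_SUBJECT,
            "executables": hits,
            "quarantine": bool(hits)}


def build_sample(member_name):
    """Constructed test message; the attachment holds inert placeholder bytes."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr(member_name, b"placeholder, not a real program")
    msg = EmailMessage()
    msg["Subject"] = "You have received a secure message"
    msg["From"] = "sender@example.com"
    msg["To"] = "user@example.com"
    msg.set_content("Read your secure message by opening the attachment, SECUREDOC.")
    msg.add_attachment(buf.getvalue(), maintype="application", subtype="zip",
                       filename="SECUREDOC.zip")
    return msg.as_bytes()
```

The quarantine decision keys on the archive contents rather than the subject line, since the lure text can change between campaigns while the ZIP-wrapped executable is the part that does the damage.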

This article is featured in:
Data Loss  •  Industry News  •  Internet and Network Security  •  IT Forensics  •  Malware and Hardware Security

