Graphics hosted by Federal Reserve bear the password-stealing Zeus Trojan

Dark Reading Staff, Dark Reading

June 23, 2011


A new spam campaign is delivering hundreds of thousands of messages that masquerade as a failed wire transfer but deliver the password-stealing Zeus banking Trojan, researchers say.

"The gangs that distribute variants of this malware are especially interested in banking credentials belonging to small businesses and government agencies," researchers from Barracuda Networks said in a blog post on Wednesday.

"Compared to the average consumer, these entities often have more money in their accounts and set higher limits on wire transfers," the researchers said. "One thing small organizations don’t always realize is that they do not enjoy the same protections against fraudulent transactions that consumers do."

The spam messages use graphics hosted by the Federal Reserve, according to the blog post. "Much like last week's Chase Paymentech spam campaign, these notices are of particular interest to financial professionals," it says. "Unlike the more sophisticated Chase emails, these are a simple affair with poorly constructed text and no attempt at hiding the executable nature of the linked payload."

The spammers try to hide the malware behind a double extension of .pdf.exe, but there is no PDF, the researchers warn. If it is downloaded, the Trojan will run quietly in the background, intercepting browser traffic, watching for credentials, and sending anything it finds to its command-and-control server.
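A mail-filter style check for the `.pdf.exe` double extension described above, as an added example that is not part of the original article or of Barracuda's tooling. The extension lists, function names and sample message are constructed assumptions.

```python
import re
from urllib.parse import urlsplit, unquote

# Assumed, non-exhaustive lists: extensions Windows runs when opened,
# and document-style extensions used as the visible decoy.
EXECUTABLE = {"exe", "scr", "com", "pif", "bat", "cmd", "js", "vbs"}
DECOY = {"pdf", "doc", "docx", "xls", "xlsx", "txt", "jpg", "png", "zip"}

URL_RE = re.compile(r"https?://[^\s\"'<>]+", re.IGNORECASE)

# Constructed sample message body (example.test is a placeholder host).
SAMPLE_BODY = (
    "Your wire transfer was not processed. Details: "
    "http://example.test/reports/transfer_report.pdf.exe\n"
    "Policy: https://example.test/docs/policy.pdf and "
    "http://example.test/dl/Statement.PDF.EXE%20?id=1"
)

def double_extension(name):
    """Return (decoy, real) if name ends in <decoy>.<executable>, else None."""
    # Windows ignores trailing dots and spaces, so drop them before splitting.
    cleaned = name.strip().rstrip(". ").lower()
    parts = [p.strip() for p in cleaned.split(".")]
    if len(parts) < 3:
        return None  # zero or one extension: nothing is being disguised
    decoy, real = parts[-2], parts[-1]
    if real in EXECUTABLE and decoy in DECOY:
        return decoy, real
    return None

def linked_filename(url):
    """Last path segment of a URL, percent-decoded, query string excluded."""
    path = urlsplit(url).path
    return unquote(path.rsplit("/", 1)[-1])

def flag_links(body):
    """List (url, decoy, real) for every link whose target is double-extended."""
    hits = []
    for url in URL_RE.findall(body):
        url = url.rstrip(".,;)")  # sentence punctuation glued to the link
        found = double_extension(linked_filename(url))
        if found:
            hits.append((url, found[0], found[1]))
    return hits

if __name__ == "__main__":
    for url, decoy, real in flag_links(SAMPLE_BODY):
        print(f"double extension .{decoy}.{real}: {url}")
```

The check looks only at the link text, so it complements content inspection of the downloaded file rather than replacing it.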
