Bogus Bank 'Security Update' Emails Serve Up Zeus Trojan
Email virus traffic has spiked to very high levels over the past few days, and we are seeing levels on par with those normally seen in peak times. Today is on pace to bring the highest level of email-borne viruses that we have seen in over 5 months.
As usual, cybercriminals are using numerous social engineering tactics in attempts to infect your computer. This morning we began seeing a huge flood of messages posing as security notifications from Bank of America. The messages purport to be from the “BoA Security Department” and inform you that the bank is making security upgrades. There is, of course, a file attached that you are asked to open and run. The .zip file contains an .exe that, once executed, will infect your computer with the ever-popular ZBOT malware family.
Here is the message:
Ironically, the victim who was hoping to avoid banking fraud is now host to the sinister banking Trojan. The Zbot or Zeus malware family has been stealing money from people’s bank accounts and other sensitive logins since 2008. In addition to capturing your bank account login credentials, Zeus has been known to steal Facebook logins as well. Beyond information theft, Zbot also hijacks your machine and enslaves it to a botnet. When we began blocking this particular iteration of the Zeus Trojan, it was not being recognized by any of the 42 antivirus engines that we scanned it against, making us the first to identify it as malicious and get signatures in place.
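A mail-gateway check for the delivery method described above (a .zip attachment carrying an .exe), as an added example that is not from the original post. The sender address, file names and extension list are constructed for illustration, and the sample bytes are harmless placeholders.

```python
import io
import zipfile
from email import message_from_bytes, policy
from email.message import EmailMessage

# Extensions Windows runs directly; an assumption for this example, not an exhaustive list.
EXECUTABLE_EXTS = (".exe", ".scr", ".com", ".pif")


def executables_in_zip_attachments(raw_message: bytes):
    """Return (attachment, member, reason) for each suspicious member of a zip attachment."""
    msg = message_from_bytes(raw_message, policy=policy.default)
    findings = []
    for part in msg.iter_attachments():
        name = part.get_filename() or "(unnamed)"
        data = part.get_payload(decode=True) or b""
        if not zipfile.is_zipfile(io.BytesIO(data)):
            continue
        with zipfile.ZipFile(io.BytesIO(data)) as archive:
            for info in archive.infolist():
                if info.is_dir():
                    continue
                if info.flag_bits & 0x1:  # encrypted: contents cannot be inspected
                    findings.append((name, info.filename, "encrypted member"))
                    continue
                with archive.open(info) as member:
                    magic = member.read(2)
                if info.filename.lower().endswith(EXECUTABLE_EXTS):
                    findings.append((name, info.filename, "executable extension"))
                elif magic == b"MZ":  # DOS/PE header hidden behind another extension
                    findings.append((name, info.filename, "PE header under another extension"))
    return findings


def build_sample_message() -> bytes:
    """Constructed sample message; the 'executables' are placeholder bytes, not malware."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as archive:
        archive.writestr("Security_Update.exe", b"MZ" + b"\x00" * 62)
        archive.writestr("readme.txt", b"constructed sample text")
        archive.writestr("statement.pdf", b"MZ" + b"\x00" * 62)
    msg = EmailMessage()
    msg["From"] = "security@bank.example"
    msg["To"] = "user@mail.example"
    msg["Subject"] = "Security update (constructed sample)"
    msg.set_content("Please open and run the attached file.")
    msg.add_attachment(buf.getvalue(), maintype="application", subtype="zip", filename="update.zip")
    return msg.as_bytes()
```

Because the check keys on attachment structure rather than a malware signature, it still flags a variant that no antivirus engine recognizes yet.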