Yesterday morning we began seeing a massive influx of messages attempting to spread the Zeus Trojan. This message campaign has been ongoing for around three weeks now. Over the past weeks we have seen a steady stream of these messages, but this morning there was a huge spike in traffic. This morning’s message blast incorporated over 100 new domains used in association with it. At one point this morning we were seeing nearly thirty thousand of these messages per minute hitting our filters. Since we identified this threat from the onset back in September, our Spam Filtering and Exchange Hosting customers are fully protected.
However, cyber criminals must be finding a pretty good infection rate with unprotected users for them to continue as long as they have. We have seen plenty of evidence indicating that people are falling for this social engineering tactic.
The messages themselves target businesses in general and claim that your federal tax payment has been rejected. The message appears to be from the Electronic Federal Tax Payment System (EFTPS). This method of submitting payroll taxes has become very common over the years and is poised to be the required payment system for ALL businesses effective January 1st, 2011. Since most businesses are already on this system and many have recently switched over to it, these messages have an added element of importance and believability. Here is a look at the message:
Most commonly, a message like this would lead the user to a phishing page that would then politely ask you for all of your personal and/or company information, such as Name, Date of Birth, Social Security Number, Credit Card Number, PIN, 3-digit Security Code, EIN, Bank Account and Routing info, etc. Not this time, though. These messages are attempting to infect users with the Zeus Trojan. Zeus has been known to steal sensitive personal/corporate information as well as weaponize your PC by joining it to an existing botnet.