Trojan steals banking credentials at small and midsize businesses.
The Zeus Trojan continues to find new ways to trick users. Recent spam campaigns trying to spread the malware have pretended to be messages from the FDIC, the IRS, and more recently, NACHA, the Electronic Payments Association that oversees the Automated Clearing House (ACH) network. On Monday, Zeus was turning up in a new spam surge, this time pretending to be messages from the U.S. Social Security Administration. The fraudulent emails try to trick recipients with warnings that their Social Security statement may contain errors.
A Symantec researcher wrote in a blog post about the Zeus Trojan that the subject of the mail will be something like “review annual Social Security statement” and the body of the message warns of a potential identity theft risk and asks recipients to review an annual statement by clicking on a link. The link opens a fake Social Security Administration website with a box for the user to input a Social Security number. If a number is provided, the page tells the user that their statement can be downloaded by clicking on a button; clicking on the button downloads a variant of the Zeus (or Zbot) malware, according to Symantec.
Zeus has been wreaking havoc in recent months by stealing online banking credentials, mainly of small and midsize businesses, which have been victimized by a surge in fraudulent ACH transactions. UK police last week announced the arrests of two people in connection with the malware, but didn’t provide details on the suspects’ involvement.