Security Bytes

Nov 24 2009   12:28AM GMT

New Zeus spam poses as Social Security statements

Marcia Savage

Trojan steals banking credentials at small and midsize businesses.

The Zeus Trojan continues to find new ways to trick users. Recent spam campaigns trying to spread the malware have pretended to be messages from the FDIC, the IRS, and more recently, NACHA, the Electronic Payments Association that oversees the Automated Clearing House (ACH) network. On Monday, Zeus was turning up in a new spam surge, this time pretending to be messages from the U.S. Social Security Administration. The fraudulent emails try to trick recipients with warnings that their Social Security statement may contain errors.

A Symantec researcher wrote in a blog post about the Zeus Trojan that the subject of the mail will be something like “review annual Social Security statement” and that the body of the message warns of a potential identity theft risk and asks recipients to review an annual statement by clicking on a link. The link opens a fake Social Security Administration website with a box for the user to input a Social Security number. If a number is provided, the page tells the user that their statement can be downloaded by clicking on a button; clicking on the button downloads a variant of the Zeus, or Zbot, malware, according to Symantec.

Zeus has been wreaking havoc in recent months by stealing online banking credentials, mainly of small and midsize businesses, which have been victimized by a surge in fraudulent ACH transactions. UK police last week announced the arrests of two people in connection with the malware, but didn’t provide details on the suspects’ involvement.
