Friday, January 13, 2012

Phishing Emails from Spoofed US-CERT Emails Spreading Zeus/Zbot Trojan Variant

IceThe United States Computer Emergency Readiness Team (aka “US-CERT”) has issued a warning to the public to beware of a new phishing campaign packed with malware coming from spoofed US-CERT email addresses.

“SOC@US-CERT.GOV” appears to be the primary email address that is being spoofed in the phishing email campaign; however the US-CERT stated that other invalid email addresses are also being used.

The phishing emails carry the subject line, “Phishing incident report call number: PH000000XXXXXXX” and a malicious file named “US-CERT Operation Center Report” is attached to it. (the X’s refer to a random value or string).

Inside the attachment is an executable file (“US-CERT Operation CENTER Reports.eml.exe”) which is a variant of the Zeus/Zbot Trojan known as Ice-IX. Like Zeus/Zbot, the main purpose of Ice-IX is to steal financial information, but Ice-IX boasts better tracker evasion features and an improved web injection method to alter bank webpages in order to lift sensitive information.

So far it seems that the targets of the phishing campaign are employees of private sector organizations as well as federal, state and local governments.

Due to the dangers that lurk within this new phishing campaign, the US-CERT has advised folks to avoid downloading files attached to emails from unknown sources and to double-check that their antivirus software is up-to-date.

Feel free to check out the US-CERT advisory.

Photo Credit: Kyle May

Don’t miss out on the latest tech news and computer security alerts! Follow us on Twitter at @hyphenet,  “Like” us on Facebook or add us to your circle on Google+.

No comments:

Post a Comment