Security vendor Websense is warning of a renewed spate of global attacks aimed at stealing information from staff in government and military departments via the notorious Zbot or Zeus Trojan.
The malware, which was originally designed and used to steal banking data, was used in a campaign targeting government workers in the US and UK at the beginning of the month.
This follow-up attack involves a fake email purporting to be from a reputable figure within the Central Intelligence Agency, with the subject line: "Russian spear phishing attack against .mil and .gov employees".
“The spoofed emails capitalise on the last Zeus attack, and claim that installing the Windows update via the links provided will aid protection against Zeus attacks,” noted a Websense alert.
“The binary file downloaded from these links is identified as a Zeus bot and holds 35 per cent AV detection rate. Once again URLs in the email messages lead to a malicious file hosted on a compromised host, and also on a popular file hosting service.”
According to Websense, after the Zeus rootkit component is installed, the command and control (C&C) server is contacted to download an encrypted configuration file.
Another data-stealing component is then downloaded and installed from the same C&C, and the bot starts to connect to a credential-based FTP server to upload stolen data.
Zeus Trojan resurfaces