New Zeus emails cloaked as Fed, IRS messages

Share this article:

Small and midsize organizations may want to take note: There is a particularly large Zeus spam campaign making the rounds.

The emails piggyback on two trusted names -- the Federal Reserve and the Internal Revenue Service -- to incite recipients to take unwise actions.

Researchers at Barracuda Labs first spotted the huge uptick in the malicious messages on Monday morning, when the emails were blocked before reaching some 120,000 users within 10 minutes.

In particular, the emails claiming to originate from the Federal Reserve appear to target those individuals in charge of an organization's finances. The body of the messages encourage recipients to click on a malicious link for more information about a wire fund transfer that was not processed.

Users who click on the link are then asked to install an executable, which actually is the data-stealing Zeus trojan, notorious for keylogging the corporate banking credentials belonging to small and midsize businesses, school districts and charities.

"The goal is to steal money from you," Barracuda researcher Luis Chapetti told SCMagazineUS.com.

On Wednesday, the fraudsters switched their tactics to leverage the IRS name in their emails. The messages contained the same payload, but victims were told that their federal tax payment was canceled by their bank and were encouraged to click on the malicious link for further details.

"The potential is there for people to be affected, especially at these volumes," said Barracuda researcher David Michmerhuizen.

Share this article:

Sign up to our newsletters

More in News

Brazilian president signs internet 'Bill of Rights' into law

Brazilian president signs internet 'Bill of Rights' into ...

President Dilma Rousseff signed the legislation on Wednesday at the NetMundial conference in Sao Paulo.

Android trojan sends premium SMS messages, targets U.S. users for first time

Android trojan sends premium SMS messages, targets U.S. ...

An SMS trojan for Android, known as FakeInst, has been observed sending premium SMS messages to users all over the world, including, for the first time, the United States.

Report: DDoS up in Q4 2013, vulnerability scanners leveraged to exploit sites

Report: DDoS up in Q4 2013, vulnerability scanners ...

Researchers observed 346 DDoS attacks in the final quarter of 2013 and attackers used Vega and Skipfish vulnerability scanners to exploit web flaws at financial companies.