Spam campaign targets banks, social media, with Gameover Zeus trojan

Steve Durbin, global vice president, Information Security Forum
Spammers are targeting major banks and social media networks with a Gameover variant of Zeus.

Leading banks, social media giants and other major organizations are being targeted in a massive spam campaign that is leveraging the Gameover variant of the nefarious Zeus trojan – as well as additional malware – to steal credentials and other information.

Security company Easy Solutions confirmed the campaign was ongoing in a Friday email to SC Magazine, which highlighted Facebook, Twitter, Bank of America, and Deutsche Bank as just a handful of the numerous targeted organizations.

In a Friday email correspondence, David Castañeda, VP of research and development with Easy Solutions, told SC Magazine that hundreds of unsolicited emails, driven by botnets, are claiming to come from UK-based Broad Oak Toiletries Ltd.

“[The spammers are looking] to steal credentials, including second factor authentication, such as challenge questions used by financial institutions,” Castañeda said, explaining that the emails carry an attached invoice that appears to be a Microsoft Word document but is actually the trojan.

Double-clicking the executable installs the Gameover malware with the Necurs rootkit, as well as ransomware, Castañeda said, adding that the proper use of English in the body of the email makes the phish a bit tougher to spot.

On the Broad Oak website, a message states that someone spoofed one of its email addresses from an outside source.

“Our systems are not compromised in any way, and none of the SPAM emails are from a valid Broad Oak Toiletries email address, however they appear to be from the domain and we are therefore being contacted continuously by recipients worried by the email they have received,” according to the message posted on the website.

In order to defend against these types of attacks, Castañeda suggests not accepting or downloading attachments from unknown sources, as well as frequently updating anti-virus, spam filters and content filters.
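A content filter of the kind recommended above can flag the lure this campaign relies on, an executable presented as a Word invoice. The Python code below is an added example, not from Easy Solutions or the original article; the extension lists, addresses and attachment names are constructed assumptions, and the "executable" is only a two-byte magic-number stub.

```python
from email import message_from_bytes, policy
from email.message import EmailMessage

# Assumed extension and MIME lists for illustration; tune for your own filter.
DOC_EXTS = (".doc", ".docx", ".rtf", ".pdf")
EXEC_EXTS = (".exe", ".scr", ".pif", ".com")
DOC_TYPES = ("application/msword", "application/rtf", "application/pdf")

def suspicious_attachments(raw_bytes):
    """Return [(filename, reasons)] for attachments posing as documents."""
    msg = message_from_bytes(raw_bytes, policy=policy.default)
    findings = []
    for part in msg.iter_attachments():
        filename = part.get_filename() or ""
        name = filename.lower()
        payload = part.get_payload(decode=True) or b""
        is_pe = payload[:2] == b"MZ"  # DOS/PE executable magic bytes
        reasons = []
        if is_pe and part.get_content_type() in DOC_TYPES:
            reasons.append("executable content declared as a document type")
        if is_pe and name.endswith(DOC_EXTS):
            reasons.append("executable content behind a document extension")
        stem, _, ext = name.rpartition(".")
        if "." + ext in EXEC_EXTS and stem.endswith(DOC_EXTS):
            reasons.append("double extension")
        if reasons:
            findings.append((filename, reasons))
    return findings

def build_sample():
    """Constructed message: one disguised stub and one benign attachment."""
    msg = EmailMessage()
    msg["From"] = "billing@example.invalid"   # constructed address
    msg["To"] = "user@example.invalid"        # constructed address
    msg["Subject"] = "Invoice"
    msg.set_content("Please find the invoice attached.")
    # Magic bytes plus padding only; this is not a working executable.
    msg.add_attachment(b"MZ" + b"\x00" * 62, maintype="application",
                       subtype="msword", filename="invoice.doc.exe")
    # OLE2 header bytes, as a legacy .doc file would start with.
    msg.add_attachment(b"\xd0\xcf\x11\xe0" + b"\x00" * 60, maintype="application",
                       subtype="msword", filename="report.doc")
    return msg.as_bytes()

if __name__ == "__main__":
    for filename, reasons in suspicious_attachments(build_sample()):
        print(filename, "->", "; ".join(reasons))
```

Magic-byte and extension checks only catch unpacked attachments; an archive-wrapped payload would need the filter to unpack it first.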
