Spam campaign targets banks, social media, with Gameover Zeus trojan

Spammers are targeting major banks and social media networks with a Gameover variant of Zeus.

Leading banks, social media giants and other major organizations are being targeted in a massive spam campaign that is leveraging the Gameover variant of the nefarious Zeus trojan – as well as additional malware – to steal credentials and other information.

In a Friday email to SCMagazine.com, security company Easy Solutions confirmed the campaign was ongoing and highlighted Facebook, Twitter, Bank of America, and Deutsche Bank as just a handful of the numerous targeted organizations.

In a Friday email correspondence, David Castañeda, VP of research and development with Easy Solutions, told SCMagazine.com that hundreds of unsolicited emails, driven by botnets, are claiming to come from UK-based Broad Oak Toiletries Ltd.

“[The spammers are looking] to steal credentials, including second factor authentication, such as challenge questions used by financial institutions,” Castañeda said, explaining that the emails come with an attached invoice, which appears to be a Microsoft Word document but is actually the trojan.

Double-clicking on the executable installs the Gameover malware with the Necurs rootkit, as well as ransomware, Castañeda said, adding that the proper use of the English language in the body of the email makes the phish a bit tougher to spot.

On the Broad Oak website, a message states that someone spoofed one of its email addresses from an outside source.

“Our systems are not compromised in any way, and none of the SPAM emails are from a valid Broad Oak Toiletries email address, however they appear to be from the broad-oak.co.uk domain and we are therefore being contacted continuously by recipients worried by the email they have received,” according to the message posted on the website.

In order to defend against these types of attacks, Castañeda suggests not accepting or downloading attachments from unknown sources, as well as frequently updating anti-virus, spam filters and content filters.
