Spam campaign targets banks, social media, with Gameover Zeus trojan

Steve Durbin, global vice president, Information Security Forum
Spammers are targeting major banks and social media networks with a Gameover variant of Zeus.

Leading banks, social media giants and other major organizations are being targeted in a massive spam campaign that is leveraging the Gameover variant of the nefarious Zeus trojan – as well as additional malware – to steal credentials and other information.

Security company Easy Solutions confirmed the campaign was ongoing in a Friday email to, which highlights Facebook, Twitter, Bank of America, and Deutsche Bank as just a handful of the numerous targeted organizations.

In a Friday email correspondence, David Castañeda, VP of research and development with Easy Solutions, told that hundreds of unsolicited emails, driven by botnets, are claiming to come from UK-based Broad Oak Toiletries Ltd.

“[The spammers are looking] to steal credentials, including second factor authentication, such as challenge questions used by financial institutions,” Castañeda said, explaining that the emails come attached with an invoice, which appears as a Microsoft Word document, but is actually the trojan.

Double-clicking on the executable will result in the installation of the Gameover malware with the Necurs rootkit, as well as ransomware, Castañeda said, adding that the proper use of the English language in the body of the email makes the phish a bit tougher to spot.

On the Broad Oak website, a message states that someone spoofed one of its email addresses from an outside source.

“Our systems are not compromised in any way, and none of the SPAM emails are from a valid Broad Oak Toiletries email address, however they appear to be from the domain and we are therefore being contacted continuously by recipients worried by the email they have received,” according to the message posted on the website.

In order to defend against these types of attacks, Castañeda suggests not accepting or downloading attachments from unknown sources, as well as frequently updating anti-virus, spam filters and content filters.
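The attachment described above claims to be a Word invoice but is an executable, which is a mismatch a content filter can test for. The following is an added example, not code from Easy Solutions or SC Magazine: the function name, the extension lists and the sample message are assumptions, and the message is constructed inline with stub bytes only.

```python
import email
import os
from email import policy
from email.message import EmailMessage

DOC_EXTS = {".doc", ".docx", ".rtf", ".pdf"}   # assumed "document" extensions
EXE_EXTS = {".exe", ".scr", ".com", ".pif"}    # assumed executable extensions

def attachment_findings(raw_bytes):
    """Return (filename, reason) for attachments posing as documents."""
    msg = email.message_from_bytes(raw_bytes, policy=policy.default)
    findings = []
    for part in msg.iter_attachments():
        name = (part.get_filename() or "").strip()
        data = part.get_payload(decode=True) or b""
        stem, ext = os.path.splitext(name.lower())
        inner_ext = os.path.splitext(stem)[1]
        is_pe = data[:2] == b"MZ"  # DOS/PE executables start with "MZ"
        if is_pe and ext not in EXE_EXTS:
            findings.append((name, "executable content behind a document name"))
        elif ext in EXE_EXTS and inner_ext in DOC_EXTS:
            findings.append((name, "document name with executable extension"))
        elif is_pe and part.get_content_type() == "application/msword":
            findings.append((name, "executable declared as application/msword"))
    return findings

def build_sample():
    """Constructed test message; the payloads are header stubs, not real files."""
    msg = EmailMessage()
    msg["From"] = "billing@example.com"
    msg["To"] = "user@example.org"
    msg["Subject"] = "Invoice"
    msg.set_content("Please find the invoice attached.")
    pe_stub = b"MZ" + b"\x00" * 62                    # PE magic only
    ole_stub = b"\xd0\xcf\x11\xe0\xa1\xb1\x1a\xe1"    # legacy .doc (OLE) magic
    msg.add_attachment(pe_stub, maintype="application", subtype="msword",
                       filename="invoice.doc")
    msg.add_attachment(ole_stub, maintype="application", subtype="msword",
                       filename="report.doc")
    msg.add_attachment(pe_stub, maintype="application",
                       subtype="octet-stream", filename="invoice.doc.exe")
    return msg.as_bytes()

if __name__ == "__main__":
    for filename, reason in attachment_findings(build_sample()):
        print(f"{filename}: {reason}")
```

Only the first bytes and the file name are checked here, so an executable inside an archive attachment would need the archive unpacked first.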
