Spam campaign targets banks, social media, with Gameover Zeus trojan

Spammers are targeting major banks and social media networks with a Gameover variant of Zeus.

Leading banks, social media giants and other major organizations are being targeted in a massive spam campaign that is leveraging the Gameover variant of the nefarious Zeus trojan – as well as additional malware – to steal credentials and other information.

Security company Easy Solutions confirmed in a Friday email to SCMagazine.com that the campaign was ongoing. The email highlights Facebook, Twitter, Bank of America, and Deutsche Bank as just a handful of the numerous targeted organizations.

In a Friday email correspondence, David Castañeda, VP of research and development with Easy Solutions, told SCMagazine.com that hundreds of unsolicited emails, driven by botnets, are claiming to come from UK-based Broad Oak Toiletries Ltd.

“[The spammers are looking] to steal credentials, including second factor authentication, such as challenge questions used by financial institutions,” Castañeda said, explaining that the emails come with an attached invoice, which appears to be a Microsoft Word document but is actually the trojan.

Double-clicking the executable installs the Gameover malware with the Necurs rootkit, as well as ransomware, Castañeda said, adding that the proper use of the English language in the body of the email makes the phish a bit tougher to spot.

On the Broad Oak website, a message states that someone spoofed one of its email addresses from an outside source.

“Our systems are not compromised in any way, and none of the SPAM emails are from a valid Broad Oak Toiletries email address, however they appear to be from the broad-oak.co.uk domain and we are therefore being contacted continuously by recipients worried by the email they have received,” according to the message posted on the website.

In order to defend against these types of attacks, Castañeda suggests not accepting or downloading attachments from unknown sources, as well as frequently updating anti-virus, spam filters and content filters.
