
Compromised .edu domain used to spread Zeus-laden emails

Researchers at PhishMe detected a malicious email campaign spreading Zeus.

In this ruse, attackers sent emails from within a compromised .edu domain – a tactic likely used to gain the trust of victims, a Friday blog post by PhishMe's Ronnie Tokazowski said.

“Most universities can be trusted to send legitimate emails, so their IP addresses don't make it onto vendor blacklists, and universities typically have faster Internet to accommodate the large number of students accessing the Web, streaming Netflix, and gaming online,” Tokazowski wrote. He later noted that saboteurs may not have “directly attacked the university,” but may have compromised a system residing at the university.

PhishMe redacted the name of the U.S. university used in the campaign, but revealed that the emails were made to look like payment confirmation correspondence. Zip files thought to contain the information instead caused victims to install Zeus.
