Zberp – malware developed from the source code of Zeus and newer financial malware Carberp – is being spread with the help of malicious emails.

On Monday, Elad Sharf, lead senior security researcher at Websense, blogged about the phishing campaign.  

According to Sharf, attackers delivered the Zeus variant by leveraging hidden Windows PIF files, he wrote.

Spurious emails with subject lines about a failed delivery package or fax or payment confirmation are often the lure of choice for attackers. Since PIF files act as executable extensions, victims, who believe they are opening attachments, are actually redirected to zip files containing the malware.

Furthermore, the Zeus variant has an improved means of evading security solutions that typically pick up on “malicious hooks,” malware activity signifying that computer processes are being spied on by attackers, Sharf wrote.