ALERT: ZeuS GameOver Massive Spamming Campaign Now Targeting Banks & Enterprises


Today, our research team confirmed that a massive spam campaign leveraging ZeuS GameOver is now targeting major banks, social networks, and other enterprises.

How is the spamming taking place?

Hundreds of unsolicited emails impersonating “Broad Oak Toiletries Ltd” are targeting these organizations. To inspire trust, the emails have the word Invoice and a few random numbers in the subject line and pretend to have been scanned by the Symantec Email Security cloud service. In the body of the email, recipients are asked to communicate a payment date for the attached invoice to an account administrator.

The email includes a ZIP archive named ‘Invoice [random number] March’ that contains an executable file posing as a Word document. When opened, the file attempts to download a binary from 55 different URLs. Following this, approximately 35 websites will be serving up the payload of ZeuS GameOver, with the Narcus rootkit and some ransomware.
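A mail gateway or triage script can catch this lure by looking inside the ZIP rather than trusting file names. The sketch below is an added example, not code from the original post; the name patterns, the `.doc.exe` double extension, and the sample archives are assumptions, since the post does not say how the executable poses as a Word document.

```python
import io
import re
import zipfile

# Assumption: archive naming follows the lure described in the post.
LURE_NAME = re.compile(r"invoice\s*\d+\s*march", re.IGNORECASE)
# Assumption: a document-style extension somewhere in the member name.
DOC_HINT = re.compile(r"\.(docx?|rtf|pdf)\b", re.IGNORECASE)

def scan_zip(attachment_name: str, data: bytes) -> list[str]:
    """Return findings for one ZIP attachment (empty list = nothing flagged)."""
    findings = []
    if LURE_NAME.search(attachment_name):
        findings.append("lure-name")
    try:
        archive = zipfile.ZipFile(io.BytesIO(data))
    except zipfile.BadZipFile:
        return findings + ["unreadable-zip"]
    with archive:
        for member in archive.infolist():
            if member.is_dir():
                continue
            if member.flag_bits & 0x1:  # encrypted: content cannot be inspected
                findings.append(f"encrypted:{member.filename}")
                continue
            with archive.open(member) as fh:
                magic = fh.read(2)
            if magic == b"MZ":  # DOS/PE executable header, whatever the name says
                findings.append(f"executable:{member.filename}")
                if DOC_HINT.search(member.filename):
                    findings.append(f"doc-masquerade:{member.filename}")
    return findings

def make_zip(members: dict[str, bytes]) -> bytes:
    """Build an in-memory ZIP for the constructed samples below."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for name, content in members.items():
            zf.writestr(name, content)
    return buf.getvalue()

# Constructed samples: "MZ" plus padding is a harmless stand-in, not a real binary.
SUSPECT = make_zip({"Invoice 48213 March.doc.exe": b"MZ" + b"\x00" * 62})
BENIGN = make_zip({"Invoice 48213 March.docx": b"PK\x03\x04 constructed"})

if __name__ == "__main__":
    print(scan_zip("Invoice 48213 March.zip", SUSPECT))
    print(scan_zip("Invoice 48213 March.zip", BENIGN))
```

Checking the first two bytes of each member catches an executable even when it carries only a document icon and no telltale extension.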

Who’s the target?

We have confirmed that the attack is active against the websites listed on Pastebin here. The list includes USAA, Deutsche Bank, Bank of America, Facebook and Twitter.

[Image: Pastebin Zeus. Source: Pastebin]

What can you do?

Unfortunately, there is little to nothing organizations can do to prevent attacks from happening, since the spread of the attack is out of their control.

Institutions should scrutinize the online sessions across all of their digital channels (both online and mobile), especially for the targets identified in the Pastebin list.

In addition, banks and other enterprises should increase their visibility into end-user devices, to better identify the health of the devices they are interacting with.

And finally, in events like this, organizations benefit from services that monitor the black markets, to determine quickly if they are an active target and reduce the effective time and losses from an attack.

