ALERT: ZeuS GameOver Massive Spamming Campaign Now Targeting Banks & Enterprises


Today, our research team confirmed that a massive spam campaign leveraging ZeuS GameOver is now targeting major banks, social networks, and other enterprises.

How is the spamming taking place?

Hundreds of unsolicited emails impersonating “Broad Oak Toiletries Ltd” are targeting these organizations. To inspire trust, the emails have the word Invoice and a few random numbers in the subject line and pretend to have been scanned by the Symantec Email Security cloud service. In the body of the email, recipients are asked to communicate a payment date for the attached invoice to an account administrator.

The email includes a ZIP archive named ‘Invoice [random number] March’, which contains an executable file posing as a Word document. Upon opening, the file will attempt to download a binary from 55 different URLs. Following this, approximately 35 websites will be serving up the payload of ZeuS GameOver, with the Necurs rootkit and some ransomware.
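The lure traits described above can be checked at a mail gateway. The following is an added example, not code from the original post: the regular expressions, the extension list, the function names and the sample message are all assumptions constructed for illustration.

```python
import io
import re
import zipfile
from email import message_from_bytes
from email.message import EmailMessage

# Traits taken from the description above; the exact patterns are assumptions.
SUBJECT_RE = re.compile(r"\binvoice\b.*\d", re.I)
ZIP_NAME_RE = re.compile(r"^invoice\s*\d+\s*march\.zip$", re.I)
EXEC_EXTS = (".exe", ".scr", ".pif", ".com")

def lure_findings(raw: bytes) -> list[str]:
    """Return the campaign traits found in one raw RFC 5322 message."""
    msg = message_from_bytes(raw)
    findings = []
    if SUBJECT_RE.search(msg.get("Subject", "")):
        findings.append("subject:invoice+digits")
    for part in msg.walk():
        name = part.get_filename() or ""
        if not name.lower().endswith(".zip"):
            continue
        if ZIP_NAME_RE.match(name):
            findings.append("zip-name:" + name)
        try:
            archive = zipfile.ZipFile(io.BytesIO(part.get_payload(decode=True) or b""))
        except zipfile.BadZipFile:
            # An archive the scanner cannot open deserves a finding of its own.
            findings.append("zip-unreadable:" + name)
            continue
        for member in archive.namelist():
            if member.lower().endswith(EXEC_EXTS):
                findings.append("executable-in-zip:" + member)
    return findings

def constructed_sample() -> bytes:
    """Build a harmless test message: the 'executable' is placeholder bytes."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("Invoice 48213 March.doc.exe", b"placeholder, not a real binary")
    msg = EmailMessage()
    msg["Subject"] = "Invoice 48213"
    msg["From"] = "accounts@example.invalid"
    msg.set_content("Please confirm the payment date for the attached invoice.")
    msg.add_attachment(buf.getvalue(), maintype="application",
                       subtype="zip", filename="Invoice 48213 March.zip")
    return msg.as_bytes()

if __name__ == "__main__":
    print(lure_findings(constructed_sample()))
```

An executable inside a ZIP attachment is the strongest of the three signals; the subject and archive-name patterns only add context and would match legitimate invoices on their own.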

Who’s the target?

We have confirmed that the attack is active against the websites listed on Pastebin here. The list includes USAA, Deutsche Bank, Bank of America, Facebook and Twitter.

[Image: Pastebin Zeus. Source: Pastebin]

What can you do?

Unfortunately, there is little to nothing organizations can do to prevent attacks from happening, since the spread of the attack is out of their control.

Institutions should scrutinize the online sessions across all of their digital channels (both online and mobile), especially for the targets identified in the Pastebin list.

In addition, banks and other enterprises should increase their visibility toward end-user devices, to better identify the health of the devices they are interacting with.

And finally, in events like this, organizations benefit from services that monitor the black markets, to determine quickly if they are an active target and reduce the effective time and losses from an attack.

