ALERT: ZeuS GameOver Massive Spamming Campaign Now Targeting Banks & Enterprises


Today, our research team confirmed that a massive spam campaign leveraging ZeuS GameOver is now targeting major banks, social networks, and other enterprises.

How is the spamming taking place?

Hundreds of unsolicited emails impersonating “Broad Oak Toiletries Ltd” are targeting these organizations. To inspire trust, the emails carry the word “Invoice” and a few random numbers in the subject line and claim to have been scanned by the Symantec Email Security cloud service. In the body of the email, recipients are asked to communicate a payment date for the attached invoice to an account administrator.

The email includes a ZIP archive named ‘Invoice [random number] March 2014.zip’, which contains an executable file posing as a Word document. Upon opening, the file attempts to download a binary from 55 different URLs. Following this, approximately 35 websites serve up the ZeuS GameOver payload, along with the Necurs rootkit and some ransomware.
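
A mail-gateway style check for the lure described above, as an added example that is not from the original post: it flags the Invoice subject, the ZIP naming pattern, and any executable inside the archive. The extension list, the PE "MZ" magic check, the finding labels, and the sample message are assumptions constructed for illustration.

```python
import email
import io
import re
import zipfile
from email.message import EmailMessage

# Patterns follow the lure described above; the extension list is an assumption.
SUBJECT_RE = re.compile(r"\binvoice\b.*\d", re.I)
ZIP_NAME_RE = re.compile(r"^invoice \d+ march 2014\.zip$", re.I)
EXEC_EXT = (".exe", ".scr", ".pif", ".com")

def inspect_message(raw: bytes) -> list:
    """Return findings for one raw message; an empty list means no match."""
    msg = email.message_from_bytes(raw)
    findings = []
    if SUBJECT_RE.search(msg.get("Subject", "")):
        findings.append("subject")  # weak signal on its own
    for part in msg.walk():
        name = part.get_filename() or ""
        if not name.lower().endswith(".zip"):
            continue
        if ZIP_NAME_RE.match(name):
            findings.append("zip-name")
        try:
            with zipfile.ZipFile(io.BytesIO(part.get_payload(decode=True) or b"")) as zf:
                for info in zf.infolist():
                    # Flag by extension or by the PE "MZ" magic, so a renamed
                    # executable inside the archive is still caught.
                    with zf.open(info) as fh:
                        is_pe = fh.read(2) == b"MZ"
                    if is_pe or info.filename.lower().endswith(EXEC_EXT):
                        findings.append("executable:" + info.filename)
        except (zipfile.BadZipFile, RuntimeError):
            findings.append("unreadable-zip")  # corrupt or password-protected
    return findings

def build_sample(subject, zip_name, member, content):
    """Build a constructed test message (not a real campaign sample)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr(member, content)
    msg = EmailMessage()
    msg["Subject"] = subject
    msg.set_content("Please confirm a payment date for the attached invoice.")
    msg.add_attachment(buf.getvalue(), maintype="application",
                       subtype="zip", filename=zip_name)
    return msg.as_bytes()

if __name__ == "__main__":
    print(inspect_message(build_sample("Invoice 83921", "Invoice 83921 March 2014.zip",
                                       "Invoice 83921 March 2014.doc.exe", b"MZ" + b"\0" * 62)))
```

The "executable:" finding is the one worth quarantining on; the subject and ZIP-name matches alone are only corroborating signals.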

Who’s the target?

We have confirmed that the attack is active against the websites listed on Pastebin here. The list includes USAA, Deutsche Bank, Bank of America, Facebook and Twitter.

[Image: Pastebin Zeus. Source: Pastebin]

What can you do?

Unfortunately, there is little to nothing organizations can do to prevent attacks from happening, since the spread of the attack is out of their control.

Institutions should scrutinize the online sessions across all of their digital channels (both online and mobile), especially for the targets identified in the Pastebin list.

In addition, banks and other enterprises should increase their visibility into end-user devices, to better identify the health of the devices they are interacting with.

And finally, in events like this, organizations benefit from services that monitor the black markets, to determine quickly if they are an active target and reduce the effective time and losses from an attack.

 
