ALERT: ZeuS GameOver Massive Spamming Campaign Now Targeting Banks & Enterprises

Share Button

Today, our research team has confirmed a massive spam campaign leveraging ZeuS GameOver, is now targeting major banks, social networks, and other enterprises.

How is the spamming taking place?

Hundreds of unsolicited emails, impersonating “Broad Oak Toiletries Ltd”, are targeting these organizations. To inspire trust, the emails have the word Invoice and a few random numbers on the subject line and pretends to have been scanned by Symantec Email Security cloud service. In the body of the email, the recipients are being asked to communicate a payment date to an account administrator for the invoice attached.

The email includes a ZIP archive named ‘Invoice [random number] March’ and contains an executable file posing as a Word document. Upon opening, the file will attempt to download a binary form of 55 different URLs. Following this, approximately 35 websites will be serving up the payload of ZeuS GameOver, with the Narcus rootkit and some ransomware.

Who’s the target?

We have confirmed that the attack is being active against the websites listed on Pastebin here. The list includes USAA, Deutsche Bank, Bank of America, Facebook and Twitter.

Pastebin Zeus

Source: Pastebin

What can you do?

Unfortunately, there is little to nothing organizations can do to prevent attacks from happening, since the spread of the attack is out of their control.

Institutions should scrutinize the online sessions across all of their digital channels (both online and mobile), especially for the targets identified in the Pastebin list.

In addition, banks and other enterprises should increase their visibility toward end-user devices, to better identify the health of the devices they are interacting with.

And finally, in events like this, organizations benefit from services that monitor the black markets, to determine quickly if they are an active target and reduce the effective time and losses from an attack.


Related Posts

Customer Success Story: How Scanning the Dark Web Has Changed Elements Financial’s Security Scanning the dark web for stolen credentials isn’t necessarily on the radar of every financial institution – but it should be.
Account Takeover – What You Need to Know About This $7 Billion Scheme Account takeover (ATO) – it’s the ultimate goal of most fraud attacks, and already causes at least $6.5 billion to $7 billion USD in annual losses across multiple verticals.

Leave a Reply

Your email address will not be published. Required fields are marked *