Zeus Banking Trojan targets US Service men and women
Wednesday, August 25, 2010 9:42 PM
Individuals who use the military banking system should be cautious of a new attack designed to capture account details and passwords. The captured information could lead to fraudulent withdrawals and other monetary losses. It's always good to verify any email claims with the bank itself before taking action.
ZeuS Variant Targets U.S. Military Personnel
QUOTE: Today, we saw a malware variant created with the well-known ZeuS toolkit that seems to be targeting members of the U.S. military serving overseas. Targets of this scam will receive an email with the following text:
Dear Bank of America Military Bank customer: This letter is to inform you that there is an update required for your Bank of America Military Bank Account, for this reason your account has been flagged. In order to update your account, please follow this link. Thank you for banking with us! Bank of America Military Bank accounts support.
Should the recipients click the link, they will be brought to a page that is almost identical to the real login page of the bank. However, this fake login page is actually hosted in Russia. An Update Tool must be installed onto his/her system to ensure that his/her account is not locked.
Needless to say, UpdateTool.exe is a ZeuS variant detected by Trend Micro as TSPY_ZBOT.BIZ. Unfortunately, most people who fall for this scam will not even be given the opportunity to manually download the executable file, as this attack first runs a whole suite of browser exploits on the target systems first. This leaves manually downloading the file as a last-resort attack vector.