Stealth Phishing Attack Looks Like Internal Email

Trusteer Warns Against Dangerous Zeus Attack

Get the WebProNews Newsletter:

[ Business]

Security company Trusteer Research issued a security advisory this week, dealing with a stealth new Zeus/Zbot phishing attack, which is aimed at harvesting enterprise log-in credentials for web banking, financial, HR, and SaaS accounts.

"The attack is highly effective because it pretends to be an e-mail from the corporate IT department asking the user to update their Microsoft Webmail (OWA) settings," a Trusteer spokesperson says. "Once installed, the Trojan injects itself into the browser and monitors all traffic. It then steals log-in credentials to sensitive websites. Zeus also changes web pages presented in the browser, asking for additional sensitive information and sending it to the attackers."

The company has located servers in Russia, Chile, Hungary, Colombia, and Romania, which are being used in the attack. The campaign begins with an email that looks something like this (the recipent name has been blacked out):

Trusteer - Zbot email sample

More information about how the campaign plays out can be found in here (pdf) in Trusteer’s report.

"This attack illustrates how organized internet crime syndicates are expanding their focus from consumers to enterprises, by targeting employees with credentials to access high value banking, financial, and other web-based applications,"  said Trusteer CEO Mickey Boodaei. "The level of personalization used in these Phishing messages and the fact that they appear to be coming from the company’s IT department makes this attack very convincing and by extension very dangerous. We are urging enterprises to warn their employees and lock down browser settings to prevent unauthorized code execution inside the browser."

Trusteer recommends that businesses educate their employees regarding this specific attack, noting that although most enterprises educate employees about phishing, this attack is even more deceiving because it looks like an internal email. They also suggest blocking the downloading of exe files and zip files from the web.

Stealth Phishing Attack Looks Like Internal Email
Comments Off
Top Rated White Papers and Resources

Comments are closed.

  • Join for Access to Our Exclusive Web Tools
  • Sidebar Top
  • Sidebar Middle
  • Sign Up For The Free Newsletter
  • Sidebar Bottom