Government Agencies Hit with Massive Zeus Phishing Attack

A lot of readers have probably heard about Zeus by now. It's a class of malware variants that will compromise the unwary. But to be more specific, Zeus is a framework: a programming API that malware authors use to bundle and package their evil code. Hardly any of the big anti-virus companies can detect Zeus-based malware, and it specializes in compromising older systems like Windows XP running Internet Explorer 6.

Government workers were duped into opening Obama Greeting Cards

In this latest attack, targeted at employees with a .gov email address, victims stupidly opened an external attachment and infected themselves with a piece of malcode that swept documents off their systems and uploaded them to a system in Belarus. Who needs gay soldiers stealing documents when you have zeusbot variants?

From KrebsOnSecurity:

Recipients who clicked either of the above links and opened the file offered were infected with a ZeuS Trojan variant that steals passwords and documents and uploads them to a server in Belarus. I was able to analyze the documents taken in that attack, which hoovered up more than 2 gigabytes of PDFs, Microsoft Word and Excel documents from dozens of victims. I feel reasonably confident I have identified several victims, all of whom appear to be employees of some government or another.

Check out Krebs’ site to see some of the victims. They include state police agencies who had documents stolen that detailed wiretapping, new technology development grants from the NSF, and strategies to combat global terrorism and money laundering.

And while none of these systems were classified, each of these documents could be considered critical or sensitive, and in the case of the Police systems, Law Enforcement Sensitive.
