Security experts this week identified a fresh spam campaign attempting to push the malevolent, password-stealing Zeus trojan to corporate email users.
Researchers at internet security firm Trusteer said this week that they had identified a new global spam run being launched against users of Microsoft's Outlook Web Access webmail service. The phony emails attempt to install the trojan by tricking users into believing they have to update their webmail settings.
The messages are especially well crafted and executed, according to Trusteer. To lend legitimacy, they appear to come from the organisation at which the recipients work. In addition, they contain a link appearing to belong to the targeted corporation.
"It looked almost genuine to me," Trusteer CTO Amit Klein told SCMagazineUS.com. "If that happens to me, who knows what happens to people who are not in the security profession?"
Recipients who click on the link are brought to an authentic-looking Outlook Web Access site, where they are asked to download the new settings, which actually turn out to be the Zeus trojan, also known as Zbot. These landing pages are being hosted by servers in a number of countries, including in Europe and Latin America.
Once installed on a PC, Zeus sits silently until a victim visits a financial account page, such as a bank or brokerage firm, Klein said. The trojan targets corporate users in particular because they may try to access business accounts with high balances.
The malware is customised not just to steal login details but also to conduct a "man-in-the-browser" attack to replace the bank's login page with a counterfeit version, thus allowing the culprits to make the page say anything they want, Klein said.
"Zeus just sits there in the browser," he said. "It does whatever it takes to extract credentials and personal information from you so its operator can log in later and take over your bank account."
Anti-virus detection of Zeus remains low, he said.
See original article on scmagazineus.com
