Zeus phishing wave targets Outlook Web Access users

By on
Zeus phishing wave targets Outlook Web Access users

Aims to steal business bank accounts.

Security experts this week identified a fresh spam campaign attempting to push the malevolent, password-stealing Zeus trojan to corporate email users.

Researchers at internet security firm Trusteer said this week that they identified a new global spam run being launched against users of Microsoft Outlook Web Access webmail service. The phony emails attempt to install the trojan by tricking users into believing they have to update their webmail settings.

The messages are especially well crafted and executed, according to Trusteer. To lend legitimacy, they appear to come from the organisation at which the recipients work. In addition, they contain a link appearing to belong to the targeted corporation.

"It looked almost genuine to me," Trusteer CTO Amit Klein told SCMagazineUS.com. "If that happens to me, who knows what happens to people who are not in the security profession?"

Recipients who click on the link are brought to an authentic-looking Outlook Web Access site, where they are asked to download the new settings, which actually turn out to be the Zeus trojan, also known as Zbot. These landing pages are being hosted by servers in a number of countries, including in Europe and Latin America.

Once installed on a PC, Zeus sits silently until a victim visits a financial account page, such as a bank or brokerage firm, Klein said. The trojan targets corporate users in particular because they may try to access business accounts with high balances.

The malware is customised not just to steal login details, but also can conduct a "man-in-the-browser" attack to replace the bank's login page with a counterfeit version, thus allowing the culprits to make the page say anything they want, Klein said.

"Zeus just sits there in the browser,"  he said. "It does whatever it takes to extract credentials and personal information from you so its operator can log in later and take over your bank account."

Anti-virus detection of Zeus remains low
, he said.

See original article on scmagazineus.com

Copyright © SC Magazine, US edition

Most Read Articles

Log In

|  Forgot your password?