Government email addresses targeted by Zeus variant

The National Intelligence Council is the purported sender of emails in a spam campaign that is targeting exclusively .gov and .mil addresses, with the goal of making the receiver think that he was downloading a legitimate (“2020 Project”)report while, in fact, he is infesting his computer with a password stealing variant of the Zeus/Zbot Trojan.

Brian Krebs warns about the scheme and says that the sender’s address was spoofed to make it seem that the email is coming from nic@nsa.gov or admin@intelink.gov. The true sender address is actually nobody@sh16.ruskyhost.ru.

His sources report that US-CERT is aware of the campaign being aimed only at government addresses, and that a large number of computers have been already infected. Also, that this variant of the Trojan is somewhat old, but allows for updating, making it possible for it to steal other information besides login credentials.

Don't miss