McAfee malware research scientist Pedro Bueno made note of the new Zeus push yesterday in a McAfee Labs blog posting. Bueno said the new spam campaign is linked to the Asprox botnet, which is spreading emails that use FedEx branding.
The researcher said these fake FedEx emails contain attachments that are really executables, with file names starting in FedExDoc or FedExInvoice.
“Those attachments are recognized as the Bredolab Trojan”, Bueno wrote, “which will download the Zeus component”.
Zeus, as Infosecurity notes, is the notorious trojan delivered via emails with .exe attachments, and is designed to make off with personal and banking information.
He also added that several large US banks are among the targets of the fake FedEx emails – including Citibank, Comerica, USBank and Wells Fargo – in addition to several other banks in Europe, the Middle East, Asia, and South America.
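For mail administrators, the attachment traits reported above (file names starting with FedExDoc or FedExInvoice, and content that is really an executable) can be checked at the gateway. The following is an added example, not code from McAfee or Infosecurity; the function names, the sample message and the use of the `MZ` header as the executable test are assumptions made for illustration.

```python
from email import message_from_bytes, policy
from email.message import EmailMessage

# File name prefixes reported in the article for this campaign.
LURE_PREFIXES = ("fedexdoc", "fedexinvoice")


def suspicious_attachments(raw: bytes) -> dict:
    """Map each attachment name to the reasons it looks like the reported lure."""
    msg = message_from_bytes(raw, policy=policy.default)
    findings = {}
    for part in msg.iter_attachments():
        name = part.get_filename() or ""
        payload = part.get_payload(decode=True) or b""
        reasons = []
        if name.lower().startswith(LURE_PREFIXES):
            reasons.append("lure-name")
        # Assumption: Windows executables begin with the two-byte "MZ" header,
        # so the content is checked even when the extension claims otherwise.
        if payload[:2] == b"MZ":
            reasons.append("mz-header")
        if name.lower().endswith(".exe"):
            reasons.append("exe-extension")
        if reasons:
            findings[name] = reasons
    return findings


def build_sample() -> bytes:
    """Constructed test message: harmless bytes, no real malware content."""
    msg = EmailMessage()
    msg["From"] = "shipping@example.invalid"
    msg["To"] = "user@example.invalid"
    msg["Subject"] = "Delivery notice"
    msg.set_content("Please see the attached invoice.")
    # 64 inert bytes that only imitate an executable header, under a document name.
    msg.add_attachment(b"MZ" + b"\x00" * 62, maintype="application",
                       subtype="pdf", filename="FedExInvoice_0001.pdf")
    msg.add_attachment(b"%PDF-1.4 constructed", maintype="application",
                       subtype="pdf", filename="report.pdf")
    return msg.as_bytes()


if __name__ == "__main__":
    for name, reasons in suspicious_attachments(build_sample()).items():
        print(name, reasons)
```

An attachment that carries both `lure-name` and either `mz-header` or `exe-extension` matches the pattern described in the article and is a candidate for quarantine.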