SophosLabs’ Graham Cluley said in a blog post that the company is intercepting a high number of bogus emails advising recipients that they have a “secure message.” The mail urges them to open the attached ZIP file, which contains the trojan's executable.
“The notorious ZBot family of malware (also known as Zeus) can hijack your computer, making it part of a criminal botnet,” Cluley noted. “Over the past few years, cybercriminals have used different versions of ZBot to steal money from online bank accounts, log-in details for social networking sites and email/FTP information.”
Zeus is well known for using keylogging, a simple but effective tactic that allows the botnet operator to monitor people’s online activity and gain access to usernames and passwords in order to steal identities, withdraw money and make online purchases. “Experts believe these botnets are responsible for nearly half a billion dollars in damages,” Stuart Aston, Microsoft UK’s chief security advisor, told Infosecurity last year, after the company took down 800 domains associated with the Zeus botnet.
The emails have the subject line of "You have received a secure message," while the body reads:
Read your secure message by opening the attachment, SECUREDOC. You will be prompted to open (view) the file or save (download) it to your computer. For best results, save the file first, then open it.
If you have concerns about the validity of this message, please contact the sender directly. For questions about Key's email encryption service, please contact technical support at 888.764.7941.
It even includes a few social engineering tactics to make the whole affair seem more legitimate:
First time users - will need to register after opening the attachment.
Help - https://mailsafe.keybank.com/websafe/help?topic=RegEnvelope
About IronPort Encryption - https://mailsafe.keybank.com/websafe/about
“It's easy to understand why recipients might be duped into believing that they have really received a secure message like the one shown above, and might be fooled into opening the attachment, and running the malicious executable contained within,” Cluley said. “Always think carefully before opening an unsolicited email attachment.”
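A mail-gateway check for the two traits described above (the "secure message" subject line and a ZIP attachment carrying an executable) could look like the following. This is an added example, not code from SophosLabs or the original article; the extension list, the attachment file name `SECUREDOC.zip`, the member name and the sample addresses are constructed assumptions.

```python
import io
import zipfile
from email import message_from_bytes, policy
from email.message import EmailMessage

LURE_SUBJECT = "you have received a secure message"  # subject quoted in the article
# Assumed list of extensions that run when double-clicked on Windows.
EXEC_EXTS = (".exe", ".scr", ".pif", ".com", ".bat", ".cmd", ".js", ".vbs")

def zip_executables(data):
    """Names of archive members whose final extension is executable."""
    try:
        with zipfile.ZipFile(io.BytesIO(data)) as zf:
            # Strip trailing dots/spaces so "x.exe." and "doc.pdf.exe" both match.
            return [n for n in zf.namelist()
                    if n.lower().rstrip(". ").endswith(EXEC_EXTS)]
    except zipfile.BadZipFile:
        return []

def assess(raw):
    """Return a list of findings for one raw RFC 5322 message."""
    msg = message_from_bytes(raw, policy=policy.default)
    findings = []
    if LURE_SUBJECT in str(msg["Subject"] or "").lower():
        findings.append("subject matches lure")
    for part in msg.iter_attachments():
        payload = part.get_payload(decode=True) or b""
        # Sniff the ZIP magic instead of trusting the declared name or MIME type.
        if payload[:4] == b"PK\x03\x04":
            for name in zip_executables(payload):
                findings.append(f"zip attachment contains executable: {name}")
    return findings

def build_sample(subject, member_name):
    """Constructed test message; the archive member holds inert placeholder bytes."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr(member_name, b"constructed placeholder, not real code")
    msg = EmailMessage()
    msg["Subject"], msg["From"], msg["To"] = subject, "a@example.com", "b@example.com"
    msg.set_content("Read your secure message by opening the attachment, SECUREDOC.")
    msg.add_attachment(buf.getvalue(), maintype="application",
                       subtype="zip", filename="SECUREDOC.zip")
    return msg.as_bytes()

if __name__ == "__main__":
    lure = build_sample("You have received a secure message", "SECUREDOC.pdf.exe")
    for finding in assess(lure):
        print(finding)
```

Either finding alone is weak evidence; a gateway would typically quarantine when both appear in the same message.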