Victims are informed that they have received an encrypted message

Dec 6, 2012 18:51 GMT

Experts from Dell SecureWorks' Counter Threat Unit (CTU) are warning users and companies about a new spam campaign initiated by the cybercriminals behind the Gameover ZeuS banking Trojan. Apparently, the spam operation relies on the Cutwail botnet.

Recipients of these emails are informed that they’ve received a new encrypted message from a certain financial institution.

“You have received a secure e-mail message from [name of the bank]. We care about your privacy. [name of the bank] uses this secure way to exchange e-mails containing personal information. Read your secure message by opening the attachment. You will be prompted to save (download) it to your computer,” the emails read.

The attachment contains the Pony downloader, which, when executed, downloads and installs the Gameover ZeuS banking Trojan.

According to researchers, the emails use the names of several financial institutions. There are also several other email variants, some of which inform recipients about a fax, a scan or a voicemail, and urge them to install a free piece of software.

Organizations are advised to educate their employees about the current spam campaigns and remind them never to click on a link or open an attachment that arrives in an unsolicited email. In addition, companies are urged to update their firewalls and intrusion prevention systems to detect these types of threats.