Cybercriminals are using fake notifications to spread the ZeuS Trojan

Jan 18, 2013 19:31 GMT

A variant of the ZeuS Trojan, detected by Sophos as Troj/Zbot-DPM, is being distributed with the aid of bogus notifications that appear to come from KeyBank, a regional bank based in Cleveland, Ohio.

According to experts, the malware is hidden inside an archive called “securedoc.zip” that’s attached to emails entitled “You have received a secure message.”

“Read your secure message by opening the attachment, SECUREDOC. You will be prompted to open (view) the file or save (download) it to your computer. For best results, save the file first, then open it,” the notifications read.

“If you have concerns about the validity of this message, please contact the sender directly. For questions about Key's e-mail encryption service, please contact technical support at 888.764.7941.”

It’s important to remember that the crooks can at any time change the name of the financial institution, so if you see similar messages apparently coming from other banks, be sure to avoid opening the attachments or clicking on the links they carry.

The ZeuS Trojan is highly dangerous because it specializes in stealing banking and other sensitive information.
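A mail-filter check for the lure described above, as an added example that is not part of the original article: it matches the subject line and attachment name quoted in the report and ignores the sender, since the bank name can change. The executable-extension list, the function names, the sample addresses and the archive contents are assumptions constructed for illustration.

```python
import io
import zipfile
from email import message_from_bytes, policy
from email.message import EmailMessage

# Indicators taken from the article; matching is case-insensitive.
LURE_SUBJECT = "you have received a secure message"
LURE_ATTACHMENT = "securedoc.zip"
# Assumption (not from the article): member extensions treated as executable.
EXEC_EXT = (".exe", ".scr", ".pif", ".com")

def inspect_message(raw: bytes) -> dict:
    """Return which lure indicators a raw RFC 5322 message matches."""
    msg = message_from_bytes(raw, policy=policy.default)
    subject = str(msg["Subject"] or "").strip().lower()
    result = {"subject": subject == LURE_SUBJECT, "attachment": False, "exec_members": []}
    for part in msg.iter_attachments():
        name = (part.get_filename() or "").strip().lower()
        if name != LURE_ATTACHMENT:
            continue
        result["attachment"] = True
        try:
            with zipfile.ZipFile(io.BytesIO(part.get_payload(decode=True))) as zf:
                result["exec_members"] = [n for n in zf.namelist() if n.lower().endswith(EXEC_EXT)]
        except zipfile.BadZipFile:
            pass  # a malformed archive still counts as a name match
    # The sender is deliberately ignored: the article notes the bank name can change.
    result["quarantine"] = result["subject"] and result["attachment"]
    return result

def build_sample(subject: str, filename: str, member: str) -> bytes:
    """Constructed test message; the archive holds harmless placeholder bytes."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr(member, b"placeholder, not malware")
    msg = EmailMessage()
    msg["From"] = "notify@bank.example"
    msg["To"] = "user@corp.example"
    msg["Subject"] = subject
    msg.set_content("Read your secure message by opening the attachment, SECUREDOC.")
    msg.add_attachment(buf.getvalue(), maintype="application", subtype="zip", filename=filename)
    return msg.as_bytes()

if __name__ == "__main__":
    print(inspect_message(build_sample("You have received a secure message", "SecureDoc.zip", "securedoc.exe")))
```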