Public institutions never send money-hungry viruses

Oct 6, 2011 08:05 GMT  ·  By

Business owners could easily fall for the latest emails that appear to come from the US Chamber of Commerce and announce an intention to help the recipient. What unsuspecting users don't know is that the message's attachment actually carries the infamous bank-account-stealing Trojan known as ZeuS.

According to AppRiver, the impersonation is convincing: the logo in the message's header and the content of its footer are taken from the legitimate US Chamber of Commerce website.

As in most such malware campaigns, the message body is set in a large blue font and gives only vague information designed to arouse the reader's curiosity.

Now, before discussing the facts that give away the true nature of the email, let's take a look at how the infection process works.

First, the attachment contains a malicious component that opens a backdoor, giving the attackers access to the victim's machine. Through that gateway it attempts to download further malicious software.

Next, it tries to connect to two domains, jokeins.com and agrofond.com, from which it requests a file named start.exe that contains ZeuS.

ZeuS then takes over, spawning a miuf.exe process that installs a keylogger and periodically contacts several domains in an effort to receive further instructions. The malware also sends out UDP packets to announce its presence to its other components.

So how could you have known that the email actually hides a malware attack?

The first clue is that a message from a public institution is unlikely to consist of such a short, ambiguous text in a font as large as the one seen here. Also, agencies are by now well aware of the many attacks that borrow their image to win victims' trust, so it is very unlikely that a legitimate organization will send you emails with zip files attached.

There are exceptions, of course, but it is better to risk missing a genuine message than to be infected with a Trojan that will empty your bank account.
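A defender-side screening check for the two tells described above (a sender claiming to be a public body, and a zip attachment hiding an executable), as an added Python example that is not part of the original article or of AppRiver's analysis; the sender address, the legitimate-domain list and the sample message are constructed assumptions.

```python
import io
import zipfile
from email import message_from_bytes, policy
from email.message import EmailMessage
from email.utils import parseaddr

# Extensions that should never arrive inside a zip from a public body.
EXEC_SUFFIXES = (".exe", ".scr", ".com", ".pif", ".bat", ".cmd", ".js", ".vbs")
# Impersonated organisations mapped to the domains they really send from.
# Assumed value for this demo; an operator would maintain the real list.
CLAIMED_ORGS = {"chamber of commerce": {"uschamber.com"}}

def executables_in_zip(data: bytes) -> list[str]:
    """List archive members with executable extensions, without extracting."""
    try:
        with zipfile.ZipFile(io.BytesIO(data)) as zf:
            return [n for n in zf.namelist() if n.lower().endswith(EXEC_SUFFIXES)]
    except zipfile.BadZipFile:
        return ["<unreadable archive>"]  # a corrupt zip is suspicious too

def screen_message(raw: bytes) -> list[str]:
    """Return reasons to quarantine a raw RFC 822 message (empty list = clean)."""
    msg = message_from_bytes(raw, policy=policy.default)
    reasons = []
    name, addr = parseaddr(str(msg.get("From", "")))
    domain = addr.rpartition("@")[2].lower()
    for org, real_domains in CLAIMED_ORGS.items():
        if org in name.lower() and domain not in real_domains:
            reasons.append(f"display name claims {org!r} but sender domain is {domain!r}")
    for part in msg.iter_attachments():
        fname = (part.get_filename() or "").lower()
        if fname.endswith(".zip") or part.get_content_type() == "application/zip":
            hits = executables_in_zip(part.get_payload(decode=True))
            reasons.append(f"zip attachment {fname!r} contains {hits or 'no executables'}")
    return reasons

def build_sample() -> bytes:
    """Constructed lure in the shape the article describes; not the real mail."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("start.exe", b"placeholder bytes, not a real program")
    m = EmailMessage()
    m["From"] = "US Chamber of Commerce <notice@example.invalid>"  # constructed
    m["To"] = "owner@example.invalid"
    m["Subject"] = "Important notice"
    m.set_content("Please review the attached notice.")
    m.add_attachment(buf.getvalue(), maintype="application", subtype="zip",
                     filename="notice.zip")
    return m.as_bytes()
```

Any zip from a claimed institution is reported even when no executable is found, matching the advice above that such senders should not be mailing archives at all.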

[Images: US Chamber of Commerce website; Chamber of Commerce impersonating email]