[ISN] New Zeus Attack Preys On Quarterly Federal Taxpayers

From: InfoSec News <alerts_at_private>
Date: Mon, 18 Oct 2010 00:36:20 -0500 (CDT)

By Kelly Jackson Higgins
Oct 15, 2010 

A widespread spam campaign that began several days ago started spiking 
today, Oct. 15 -- quarterly tax payment deadline day in the U.S.: The 
Zeus-laden attack poses as an alert from the government's electronic tax 
payment system, telling recipients that their payment was rejected and 
sending them to a link that both infects them and redirects them to the 
legitimate electronic federal tax payment system website, eftps.gov.

Researchers at Solera Networks say they first discovered the Zeus tie-in 
with the spam run -- which features high volumes of spam emails with 
subject lines such as, "LAST NOTICE: Your Federal Tax Payment has been 
rejected in the system" -- during the past 24 hours after they had been 
investigating a zero-day attack at one of their customer's sites. They 
say they were struck both by the volume of the spam run and the layered 
method of the attack.

"Late last night we were able to put the pieces of information together 
that showed this was very interesting," says Peter Schlampp, vice 
president of marketing and product management for Solera Networks. "The 
call to action on this campaign is to click on the link, which says 
eftps.gov, but in the background is a different URL. It has several 
redirects and attempts to exploit your system. If successful, it gets 
you to the eftps.gov website, and with a keylogger installed all the 
information you [input there] gets sent to [the attacker] as well as the 
system, and you become part of the botnet."

The attack uses Zeus Version 2, according to Solera, and is one of the 
biggest spam campaigns Solera has ever seen.


Tegatai Managed Colocation: Four Provider Blended
Tier-1 Bandwidth, Fortinet Universal Threat Management,
Natural Disaster Avoidance, Always-On Power Delivery 
Network, Cisco Switches, SAS 70 Type II Datacenter. 
Find peace of mind, Defend your Critical Infrastructure.
Received on Sun Oct 17 2010 - 22:36:20 PDT

This archive was generated by hypermail 2.2.0 : Sun Oct 17 2010 - 22:43:52 PDT