Zeus Trojan Strikes Again

What appears to be an alert from the FDIC is really the latest installment of the Zbot Banking Trojan. The message claims to have come from the FDIC to inform you that your Bank has failed and the FDIC has taken control of its assets. These messages come with such subjects as you need to check your ”Bank Deposit Insurance Coverage” or “FDIC has officially named your bank a failed bank”. You are then directed to a link that would allegedly allow you to check your deposit insurance coverage. This link takes you to a page that alleges to contain your “personal insurance file” in your choice of a PDF or Word document, the only catch is that they are both executable files named pdf.exe and word.exe. The fake FDIC websites that contain the payload are being hosted on a variety of .eu domains. Here is an example of the message and landing page:



Contained in both of these links is your very own fresh new copy of the Zbot trojan. This is has become a very prolific infection in recent months. Also known as Zeus this piece of malware is a key-logging trojan designed to steal your logins and more importantly your banking credentials. These guys are well known for their social engineering tactics having most recently brought some fake “IRS Alerts” and “mailbox related server upgrades”. This is a common technique in malware distribution to provide an air of fear and couple that with a relevant news headline to provide legitimacy. All of our Hosted Exchange and Spam filtering customers are currently protected from all known variants.