According to ZDNet, a new strain of the infamous Zeus malware has been discovered that uses Windows PIF files and is being spread via email campaigns.
Websense has identified this Zeus strain as an information-stealing trojan. Their ThreatSeeker Intelligence Cloud has been tracking the email campaigns, which appear and then disappear, for the last several months.
The PIF files appear to be PDFs, but in fact do other things, such as setting up the Zberp Trojan, a malicious software agent that steals ID and banking information.
These malicious files may be found in web links or in attachments, often in Zip files (to pass through scanners which might skip embedded Zip archives). The emails look like they come from a variety of sources, from Canada Post to the Federal Trade Commission (FTC) and more.
Examples + screenshots of the malware emails can be found here.
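A defender-side check for the lure described above, as an added example that is not from ZDNet, Websense or the original post: it walks a Zip attachment, including Zip files nested inside it, and flags entries Windows would execute, marking those that carry a document-style extension in front of the real one. The extension lists, the depth limit, the function names and the sample file names are assumptions, and the sample archive is constructed and harmless.

```python
import io
import zipfile
from pathlib import PurePosixPath

# Assumption: extensions Windows runs directly; .pif is the one described above.
EXECUTABLE_EXTS = {".pif", ".exe", ".scr", ".com", ".bat", ".cmd"}
# Assumption: document extensions a lure imitates.
DECOY_EXTS = {".pdf", ".doc", ".docx", ".xls", ".xlsx", ".txt"}
MAX_DEPTH = 3  # bound recursion into nested archives


def scan_zip(data, path="", depth=0):
    """Return (entry_path, reason) findings for a zip archive given as bytes."""
    try:
        archive = zipfile.ZipFile(io.BytesIO(data))
    except zipfile.BadZipFile:
        return [(path or "<root>", "unreadable archive")]
    findings = []
    with archive:
        for info in archive.infolist():
            full = f"{path}/{info.filename}" if path else info.filename
            # Windows drops trailing dots and spaces, so normalise before matching.
            name = PurePosixPath(info.filename).name.rstrip(". ").lower()
            suffixes = PurePosixPath(name).suffixes
            ext = suffixes[-1] if suffixes else ""
            if info.is_dir():
                continue
            if ext in EXECUTABLE_EXTS:
                decoy = len(suffixes) > 1 and suffixes[-2] in DECOY_EXTS
                findings.append((full, "disguised executable" if decoy else "executable"))
            elif ext == ".zip" and depth >= MAX_DEPTH:
                findings.append((full, "nested too deep, not scanned"))
            elif ext == ".zip" and info.flag_bits & 0x1:
                findings.append((full, "encrypted archive, not scanned"))
            elif ext == ".zip":
                findings.extend(scan_zip(archive.read(info), full, depth + 1))
    return findings


def build_sample():
    """Constructed sample: harmless bytes named like the lure described above."""
    inner, outer = io.BytesIO(), io.BytesIO()
    with zipfile.ZipFile(inner, "w") as z:
        z.writestr("Invoice.pdf.pif", b"constructed placeholder, not malware")
    with zipfile.ZipFile(outer, "w") as z:
        z.writestr("readme.txt", b"hello")
        z.writestr("documents.zip", inner.getvalue())
    return outer.getvalue()
```

Calling `scan_zip(build_sample())` reports the PIF entry inside the nested archive; a mail gateway or triage script would pass the raw attachment bytes instead.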
More Zeus information + articles:
- GameOver Zeus malware returns from the dead – Graham Cluley
- What is Gameover Zeus and does ESET protect me from it?
- How do I use the ESET ZbotZRcleaner tool to remove a Spy.zbot infection?
- Zeus malware – it’s a tough-to-detect and tough-to-beat malicious program which can be very hard to get rid of – Snopes.com