Wednesday, September 15, 2010

ZeuS: Crime or Espionage?

ZeuS is a well-known crimeware toolkit that is readily available online. The toolkit allows even the most unskilled operator to run a botnet. Typically, ZeuS has been associated with banking fraud. Recently, however, there has been a series of attacks using the ZeuS malware that appear to be less motivated by bank fraud and more focused on acquiring data from compromised computers. The themes of the emails — often sent to .mil and .gov email addresses — focus on intelligence and government issues. After the user receives such an email and downloads the file referenced in it, his or her computer will likely (due to the low AV coverage) become compromised by the ZeuS malware used by the attackers and will begin communicating with a command and control server. It will then download an additional piece of malware, an “infostealer”, which will begin uploading documents from the compromised computer to a drop zone under the control of the attackers.

Is this series of attacks connected? Do these events indicate a blurring of the boundaries between online crime and espionage? Or are government and military personnel simply another target for online criminal activity?

This post is an overview of a collection of publicly available emails associated with this ongoing series of attacks. These are the socially engineered emails designed to lure potential victims into clicking on and executing the attackers’ malicious code. While the attacks are not targeted down to the individual, or even the institutional, level, and appear to have been sent to a wide variety of recipients, the content of the emails is geared towards those interested in intelligence, military and security issues.
Additional information:

