Fake US-CERT Emails Contain Banking Virus Traced to Russia
A variant of the notorious Zeus virus has been circulating through the offices of government agencies in an email from hackers who are spoofing the sender address @US-CERT.GOV, the true U.S. Computer Emergency Readiness Team disclosed Wednesday evening. Researchers outside of US-CERT traced the malicious software to a botnet -- a remotely controlled network of infected computers -- that is taking commands from computers located in Russia.
Reports of spoofed US-CERT emails with attachments labeled "US-CERT Operation Center Report XXXXXXX.zip" began coming in on Tuesday, officials announced at the time, but they did not identify the threat until Wednesday. The Zeus offshoot "Ice-IX," like its parent malware, steals banking credentials and other personal information by logging keystrokes. But it also supposedly can sidestep firewalls and other protective mechanisms.
The emails are going out to federal, state and local government personnel, as well as private sector employees, according to US-CERT. The messages carry the subject line "Phishing incident report call number: PH000000XXXXXXX," where the "X" characters stand for an incident report number that varies.