Skip to main content

Fake US-CERT Emails Contain Banking Virus Traced to Russia

posted onJanuary 12, 2012
by l33tdawg

A variant of the notorious Zeus virus has been circulating the offices of government agencies through an email from hackers who are aping the sender address @US-CERT.GOV, the true U.S. Computer Emergency Readiness Team disclosed Wednesday evening. Researchers outside of US-CERT traced the malicious software to a botnet -- a remotely-controlled network of infected computers -- that is taking commands from computers located in Russia.

Reports of spoofed US-CERT emails with attachments labeled "US-CERT Operation Center Report XXXXXXX.zip" began filing in on Tuesday, officials announced at the time, but they did not identify the threat until Wednesday. The Zeus offshoot "Ice-IX," like its parent worm, steals banking credentials and other personal information by logging keystrokes. But it also supposedly can sidestep firewalls and other protective mechanisms.

The emails are going out to federal, state and local government personnel, as well as private sector employees, according to US-CERT. The messages carry the subject line: "Phishing incident report call number: PH000000XXXXXXX," with the "X" containing an incident report number that varies.

Source

Tags

Security Viruses & Malware US Russia

You May Also Like

Recent News

Tuesday, November 19th

Friday, November 8th

Friday, November 1st

Tuesday, July 9th

Wednesday, July 3rd

Friday, June 28th

Thursday, June 27th

Thursday, June 13th

Wednesday, June 12th

Tuesday, June 11th