Security experts have intercepted an email based malware attacked aimed at U.S schools and government organization. Over 1000 malware laden emails were sent from 15 IP addresses, most of them originating in Russia. The attack lasted two days and attempted to deliver a Trojan called Spy.Win32.Zbot.ele disguised as a Windows Update. A similar attack was aimed at U.S. businesses. It’s believed the Spy.Win32.Zbot.ele Trojan is the same one that delivers the infamous and nasty AntiVirus XP 2008 virus. The typical social engineering techniques commonly used by spammers these days were used, with an attempt to personalize them for the educational audience they were aimed at.

Experts speculate that the attack may have come from a brand new botnet located somewhere in Russia that is looking to establish itself. All of the IPs used in the attack were consumer based and presumably hijacked to hide the true origin of the attackers.