The University of Alabama’s Spam Data Mine has discovered a new malicious spam campaign that is designed to steal social security numbers as well. The messages are made to look like an alert from the Social Security Administration and have subject lines such as “Review your annual Social Security statement” and “Watch for errors on your Social Security Statement” and direct the recipient to click the included link to visit the SSA’s website. The link redirects to a legit-looking but malicious fake of the actual government website. The page asks visitors to input their social security number before proceeding. Next, it presents them with a page asking them to download their Social Security statement and review it for errors, promising tax breaks and refund payments if any errors are found.

The UAB Spam Data Mine says when the link is clicked the Zbot Trojan is download. This is a widespread and nasty banking Trojan that steals logins, banking info and other personal information. It installs a keylogger that records all information typed in websites by the infected computer, and also adds the machine to the Zeus botnet.

Zeus has been around for a while now and shows no signs of slowing down. It is also pummeling Facebook with phishing emails and sending out fake FDIC and IRS alerts in separate spam campaigns. Another variant of the Zbot Trojan is being spread via messages claiming someone has posted compromising photos of the recipient on the web. The messages direct them to the site where the alleged photos are on display, but the downloadable “photo archive” is actually Zbot.

Since this latest campaign is so new, it is still undetectable by many major anti-virus programs but that will likely change very soon.