A new phishing attack launched by Zeus has taken aim at military personnel and intelligence officials in several countries including the US. The spammers behind the attack exploited a trusted security firm and sent fake messages pretending to be from the firm. Using social engineering tricks they sent messages to the same people their earlier phishing attack had targeted. The messages acknowledged the attack and asked them to download a zip file that claimed to be a security patch that would fix the vulnerability that allowed the earlier attack. The file has just a 35% anti-virus detection rate.

Unlike most phishing attacks, which tend to target banks and other financial firms with the goal of monetary gain, this attack is much more worrisome. While the kind of information that could be stolen in such an attack could be sold for huge sums on the black market, the other implications are far more serious. Should a hacker gain access to a military or intelligence computer there is no telling what kind of havoc they could wreak. It could result in a national security crisis. This should be of particular concern to the US government, which has come under fire in recent months for its poor cyber security practices. Last week, the Bipartisan Policy Center hosted a simulation of a cyber attack on the US and the government failed miserably. Security experts say the government is woefully unprepared for a cyber attack and that it’s no longer a question of if one will occur, but when.