Top 10 Zeus Campaigns
Written by Sue Walsh on September 2, 2010

Here’s a look at the Zeus botnet’s top spam campaigns:
- An unauthorized transaction billed to your bank account - Most people should know that a bank that spots a fraudulent transaction will call you or send you a letter, not email you. Even so, this subject line is alarming enough to get some people to open the message and wind up getting phished or infected with malware.
- DHL Tracking number ####### - This is one of the oldest campaigns. A variation uses UPS instead of DHL, but in both cases the included attachment has a hidden executable that contains malware.
- FDIC has officially named your bank failed bank - An obvious attempt to exploit the economic crisis. Too bad the horrible grammar gives it away.
- Hello - This is why it’s often advised not to send emails this way. Many spam filters flag messages with “Hello” or “Hi” as the subject because of campaigns like this.
- Notice of Underreported Incomeir - The glaring misspelling gives this away as spam right away.
- Review your annual Social Security statement - This has been around for a while as well. The scammers are hoping there are still folks out there who don’t know that the SSA sends out your statement via postal mail about 6 months before your birthday each year.
- Welcome to Friendster - An obvious attempt to exploit a brand. Unfortunately for them, Friendster isn’t quite as popular as it used to be.
- You have received a file from (email) via YouSendIt. - This campaign is banking on people’s natural curiosity being piqued enough to open it.
- Your Flight Ticket ##### - Delta was one of the more recent airlines to be exploited by this campaign. The scammers are hoping that someone who gets the fake ticket, along with a cheery note informing them that their credit card has been charged over $800, will be upset enough to open the attached paperwork without thinking first. The attachment delivers a Trojan.
- Your Order with Amazon.com - This is a blatant phishing campaign. Every link in the fake notification leads to a fake Amazon login page. It’s pretty easy to spot, though, because the total amount due, which is listed twice, is always two different amounts, and there is plenty of broken English as well.





I have to admit that no. 1 (An unauthorized transaction billed to your bank account) is cleverly ingenious. We’ve had a couple of employees run into that very same problem after carelessly passing around their office e-mails on suspicious websites. Any sort of notice (or warning) that has anything to do with your credit card is always alarming, most especially if it has something to do with your bill.
It’s hard to fathom how these spammers come up with these ideas, and how easily some people fall for them.
@diane We’ve actually started implementing seminars on proper internet etiquette and security for company employees. Some practices are seemingly obvious for staff in the IT department, but some people really need their hand held when it comes to the do’s and don’ts in spam prevention. We’ve learned that awareness goes a long way in cutting down security and protocol breaches (and subsequent bogdowns). Though teaching these techniques is one thing, enforcing them is another.