Zeus Rides Crest of Latest Spam Wave Straight to Your Financial Data

The volume of spam carrying malicious attachments has soared in recent months, from nearly extinct to a dangerous level.

The most prominent example of this month's malware-loaded spam wave impersonates the Automated Clearing House (ACH), a US-based financial service offered by NACHA, the electronic payments association. The message looks convincing: the spam samples we investigated have had their headers tampered with so that they appear to have been sent from a legitimate e-mail account.

Attached to the message is a zip archive purportedly detailing the failed transaction, which the user is advised to review. However, the file inside bears a double extension (pdf.exe), so although it looks like a PDF document, it is actually an executable. The trick works because Windows Explorer hides known file extensions by default, so a file named report.pdf.exe is displayed simply as report.pdf.
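The following script is an added illustration of how a mail gateway or analyst tooling can catch this attachment trick; it is not code from the original post or from Bitdefender. It opens a zip attachment in memory, flags members whose final extension is executable while a preceding "document" extension is used as a disguise, and goes one step further than the article by also checking the first bytes of each member for the MZ signature that every Windows executable carries, so a renamed payload is caught even without the double extension. The archive contents (file names and byte strings) are constructed for the example and are not real samples.

```python
import io
import os
import zipfile
from typing import Dict, List, Optional, Tuple

# Extensions Windows will execute directly when the file is double-clicked.
EXECUTABLE_EXTS = {".exe", ".scr", ".com", ".pif", ".bat", ".cmd", ".js", ".vbs"}
# Extensions an attacker borrows to make the payload look like a harmless document.
DOCUMENT_EXTS = {".pdf", ".doc", ".docx", ".xls", ".xlsx", ".txt", ".jpg", ".png"}


def is_pe(data: bytes) -> bool:
    """True if the data starts with the DOS 'MZ' header that precedes every Windows PE file."""
    return data[:2] == b"MZ"


def inspect_name(name: str) -> Tuple[str, Optional[str]]:
    """Split a file name into (final extension, disguise extension), lower-cased.

    'ACH_report.pdf.exe' -> ('.exe', '.pdf');  'report.pdf' -> ('.pdf', None)
    """
    base = os.path.basename(name)
    stem, final_ext = os.path.splitext(base)
    _, disguise_ext = os.path.splitext(stem)
    return final_ext.lower(), (disguise_ext.lower() or None)


def scan_zip(zip_bytes: bytes) -> List[Dict[str, object]]:
    """Examine every member of a zip attachment and return the suspicious ones with reasons."""
    findings = []
    with zipfile.ZipFile(io.BytesIO(zip_bytes)) as zf:
        for info in zf.infolist():
            if info.is_dir():
                continue
            final_ext, disguise_ext = inspect_name(info.filename)
            with zf.open(info) as fh:
                head = fh.read(4)  # only the magic bytes are needed for the type check
            reasons = []
            if final_ext in EXECUTABLE_EXTS and disguise_ext in DOCUMENT_EXTS:
                reasons.append("double extension %s%s" % (disguise_ext, final_ext))
            if final_ext in EXECUTABLE_EXTS:
                reasons.append("executable file type %s" % final_ext)
            if is_pe(head) and final_ext not in EXECUTABLE_EXTS:
                reasons.append("PE header hidden under non-executable extension")
            if reasons:
                findings.append({"name": info.filename, "reasons": reasons})
    return findings


def build_sample_zip() -> bytes:
    """Constructed stand-in for the ACH attachment described above (not a real sample)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        # The lure: a PE payload wearing a .pdf.exe double extension.
        zf.writestr("ACH_transaction_report.pdf.exe", b"MZ\x90\x00" + b"\x00" * 60)
        # A genuinely harmless text member for comparison.
        zf.writestr("readme.txt", b"Your transaction could not be completed.")
        # A PE renamed to .pdf outright, which the extension check alone would miss.
        zf.writestr("invoice.pdf", b"MZ\x90\x00" + b"\x00" * 20)
    return buf.getvalue()


if __name__ == "__main__":
    for finding in scan_zip(build_sample_zip()):
        print("%s: %s" % (finding["name"], "; ".join(finding["reasons"])))
```

In production the same two checks (name-based and content-based) would run on every archive member before the mail is delivered, and an archive containing any executable would be quarantined rather than merely flagged.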

If run, the file installs a downloader, a malicious component whose only job is to fetch other e-threats. In this case, the downloader fetches and installs a variant of the Zeus bot, as well as a spammer component detected as Trojan.Generic.6152125. The Zeus bot is instructed to monitor electronic financial transactions and harvest username/password combinations for a variety of services, while the spam bot sends out masses of unsolicited messages. The spammer mixes promotional messages from affiliates (replica bags and knock-off luxury goods, or Canadian Pharmacy medicine) with its own "advertisements": spam messages such as the one discussed here, sent in an attempt to recruit more infected PCs as spam senders around the world.

The outcome for the victim is stolen credentials and money lost through credit card fraud. And, to add insult to injury, the infected PC starts doing the bad guys' work by sending out the next wave of spam.

“All product and company names mentioned herein are for identification purposes only and are the property of, and may be trademarks of their respective owners”.

About the author


Bogdan Botezatu is living his second childhood at Bitdefender as senior e-threat analyst. When he is not documenting sophisticated strains of malware or writing removal tools, he teaches extreme sports such as surfing the web without protection or rodeo with wild Trojan horses. He believes that most things in life can be beaten with strong heuristics and that antimalware research is like working for a secret agency: you need to stay focused at all times, but you get all the glory when you catch the bad guys.