MSG Attachments deliver the Zeus Trojan

A recent spam email campaign delivered the Zeus Trojan through MSG file attachments used by Microsoft Outlook and Exchange.

The Zeus Trojan hides in MSG files

A recently discovered aggressive email spam campaign infects victims with the Zeus Trojan, delivered through MSG files. These files are attached to the messages; MSG is the format used for storing information for the Microsoft Outlook and Exchange applications.

The spam campaign poses as tax notification emails that allegedly come from Canada’s Revenue Agency. Security experts from Trustwave confirmed that the malicious object contained within the attachments contains the malware.

The extracted streams contain three folders named “__attach_version”. In the first two of them there is an image of a spoofed PDF file. The third contains compressed data which hides heavily obfuscated JavaScript code. When it is executed, it downloads a malicious binary from the “tradestlo[.]top” domain. This is actually the Trojan downloader known as Terdot.
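As an added example (not code from the researchers or from this article), the following Python triage check walks the attachment storages of an already parsed MSG file and flags any attachment whose data is compressed or carries script markers, which is the layout described above. The full storage and stream names follow Microsoft's MSG format specification (MS-OXMSG); the zlib/gzip compression, the marker list, the file names and the sample data are assumptions constructed for illustration.

```python
import re
import zlib

# MSG (MS-OXMSG) stores each attachment in its own storage; the attachment's
# properties are streams inside that storage.
ATTACH_RE = re.compile(r"^__attach_version1\.0_#[0-9A-Fa-f]{8}$")
DATA_STREAM = "__substg1.0_37010102"  # PidTagAttachDataBinary
NAME_STREAM = "__substg1.0_3707001F"  # PidTagAttachLongFilename (UTF-16LE)
SCRIPT_EXT = (".js", ".jse", ".vbs", ".vbe", ".wsf", ".hta")
SCRIPT_HINTS = (b"eval(", b"ActiveXObject", b"WScript.", b"fromCharCode")  # assumed list
MAX_INFLATE = 1 << 20  # cap inflated output to blunt decompression bombs

def inflate(data):
    """Return the inflated bytes if data is a zlib or gzip stream, else None."""
    try:
        return zlib.decompressobj(wbits=47).decompress(data, MAX_INFLATE)
    except zlib.error:
        return None

def triage(streams):
    """streams maps (storage, stream) -> bytes; returns {attachment: [reasons]}."""
    findings = {}
    for (storage, stream), data in streams.items():
        if not ATTACH_RE.match(storage) or stream != DATA_STREAM:
            continue
        raw_name = streams.get((storage, NAME_STREAM), b"")
        name = raw_name.decode("utf-16-le", "replace") or storage
        reasons = []
        if name.lower().endswith(SCRIPT_EXT):
            reasons.append("script extension")
        body = inflate(data)
        if body:
            reasons.append("compressed payload")
        hits = [h.decode() for h in SCRIPT_HINTS if h in (body or data)]
        if hits:
            reasons.append("script markers: " + ", ".join(hits))
        if reasons:
            findings[name] = reasons
    return findings

# Constructed sample: two image attachments and one compressed blob.
PNG = b"\x89PNG\r\n\x1a\n" + b"\x00" * 16
BLOB = zlib.compress(b"var a = eval(String.fromCharCode(97));")
SAMPLE = {}
for i, (fname, data) in enumerate(
        [("image001.png", PNG), ("image002.png", PNG), ("notice.dat", BLOB)]):
    storage = "__attach_version1.0_#%08X" % i
    SAMPLE[(storage, NAME_STREAM)] = fname.encode("utf-16-le")
    SAMPLE[(storage, DATA_STREAM)] = data
```

In a mail-gateway pipeline the `streams` mapping would be filled from an OLE compound-file parser run over the attached `.msg` file.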

This malware is designed to inject its code into the Windows Explorer process and download a second payload which is the Zeus Trojan.

Upon installation on the target machine Zeus starts operating. This is a dangerous Trojan that can intercept network traffic and steal valuable information. It primarily targets online banking accounts and other highly sensitive credentials.

The researchers note that malicious embedded files are not often identified in MSG attachments. This is yet another technique that cyber criminals use to evade email gateways.

