Saturday, February 06, 2010

Zeus Attack Spoofs NSA, Targets .GOV and .MIL

Brian Krebs:

Criminals are spamming the Zeus banking Trojan in a convincing e-mail that spoofs the National Security Agency. Initial reports indicate that a large number of government systems may have been compromised by the attack.

According one state government security expert who received multiple copies of the message, the e-mail campaign — apparently designed to steal passwords from infected systems — was sent exclusively to government (.gov) and military (.mil) e-mail addresses.

The messages are spoofed so that they appear to have been sent by the National Intelligence Council (address used was, which serves as the center for midterm and long-range strategic thinking for the U.S. intelligence community and reports to the office of the Director of National Intelligence.

The e-mails urge recipients to download a copy of a report named “2020 Project.” Another variant is spoofed to make it look like the e-mail from The true sender, as pulled from information in the e-mail header, is

More here.


Post a Comment

<< Home