Zeus Attack Spoofs NSA, Targets .GOV and .MIL
Criminals are spamming the Zeus banking Trojan in a convincing e-mail that spoofs the National Security Agency. Initial reports indicate that a large number of government systems may have been compromised by the attack.
According one state government security expert who received multiple copies of the message, the e-mail campaign — apparently designed to steal passwords from infected systems — was sent exclusively to government (.gov) and military (.mil) e-mail addresses.
The messages are spoofed so that they appear to have been sent by the National Intelligence Council (address used was firstname.lastname@example.org), which serves as the center for midterm and long-range strategic thinking for the U.S. intelligence community and reports to the office of the Director of National Intelligence.
The e-mails urge recipients to download a copy of a report named “2020 Project.” Another variant is spoofed to make it look like the e-mail from email@example.com. The true sender, as pulled from information in the e-mail header, is firstname.lastname@example.org.