Regions Financial - Online Banking Fraud Alert: Zeus Malware

jcgriff2 · Feb 5, 2013

I received 3 emails this morning - http://www.regions.com/about_regions/zeus_malware.rf

... and I don't even have an account with them.

The zip attachment that came with each email stated that a browser with Java was needed!

Corrine · Feb 6, 2013

Am I understanding correctly that you don't have an account with them and attempted to open the zip attachment? :shame2:

niemiro · Feb 6, 2013

Reminds me of a text only email stuffed full of spelling and grammatical I got from fedex_tracking@{disposable_address}.com asking me to track my parcel.

Attached was .zip file containing tracking.exe. I didn't open it

Has got to be one of the worst pieces of spam I have ever received.

AceInfinity · Feb 6, 2013

"The zip attachment that came with each email stated that a browser with Java was needed! " - Should be enough to warn lol

Zeus is one monstrous trojan though. The structure of that malicious code is incredibly scary...

Cayden · Feb 7, 2013

AceInfinity said:
"The zip attachment that came with each email stated that a browser with Java was needed! " - Should be enough to warn lol

Zeus is one monstrous trojan though. The structure of that malicious code is incredibly scary...

What do you mean? I'm no coder so I don't see how simple code can 'look scary'.

Corrine · Feb 7, 2013

You see, Cayden, Ace is a coder so he'd understand what the code is doing.

AceInfinity · Feb 7, 2013

Cayden said:
AceInfinity said:

"The zip attachment that came with each email stated that a browser with Java was needed! " - Should be enough to warn lol

Zeus is one monstrous trojan though. The structure of that malicious code is incredibly scary...

Click to expand...

What do you mean? I'm no coder so I don't see how simple code can 'look scary'.

Zeus is by no means "simple", it almost has enough code to look like it was an encyclopedia. :lol:

jcgriff2 · Feb 7, 2013

Corrine said:
Am I understanding correctly that you don't have an account with them and attempted to open the zip attachment? :shame2:

Yes, I opened the zip attachment after I grabbed it from the WLM EML folder. I didn't do anything within the email itself.

There was an HTM file inside. That is what they wanted Java for.

I looked at the HTM source for a bit, then got rid of it all.

I didn't save the HTM code for proper analysis. Next time. :)

Search

Search

Regions Financial - Online Banking Fraud Alert: Zeus Malware

jcgriff2

Site Administrator, General Manager, BSOD Kernel Dump Expert, Microsoft MVP (Ret.)

Corrine

Administrator,
Microsoft MVP,
Security Analyst

niemiro

Senior Administrator, Windows Update Expert

AceInfinity

Moderator, Programming, Contributor

Cayden

Member

Corrine

Administrator,
Microsoft MVP,
Security Analyst

AceInfinity

Moderator, Programming, Contributor

jcgriff2

Site Administrator, General Manager, BSOD Kernel Dump Expert, Microsoft MVP (Ret.)

Regions Financial - Online Banking Fraud Alert: Zeus Malware

Site Administrator, General Manager, BSOD Kernel Dump Expert, Microsoft MVP (Ret.)

Administrator, Microsoft MVP, Security Analyst

Senior Administrator, Windows Update Expert

Moderator, Programming, Contributor

Member

Administrator, Microsoft MVP, Security Analyst

Moderator, Programming, Contributor

Site Administrator, General Manager, BSOD Kernel Dump Expert, Microsoft MVP (Ret.)

Administrator,
Microsoft MVP,
Security Analyst

Administrator,
Microsoft MVP,
Security Analyst