Regions Financial - Online Banking Fraud Alert: Zeus Malware

jcgriff2 · Feb 5, 2013

I received 3 emails this morning - http://www.regions.com/about_regions/zeus_malware.rf

... and I don't even have an account with them.

The zip attachment that came with each email stated that a browser with Java was needed!

Corrine · Feb 6, 2013

Am I understanding correctly that you don't have an account with them and attempted to open the zip attachment? :shame2:

niemiro · Feb 6, 2013

Reminds me of a text only email stuffed full of spelling and grammatical I got from fedex_tracking@{disposable_address}.com asking me to track my parcel.

Attached was .zip file containing tracking.exe. I didn't open it

Has got to be one of the worst pieces of spam I have ever received.

AceInfinity · Feb 6, 2013

"The zip attachment that came with each email stated that a browser with Java was needed! " - Should be enough to warn lol

Zeus is one monstrous trojan though. The structure of that malicious code is incredibly scary...

Cayden · Feb 7, 2013

AceInfinity said:
"The zip attachment that came with each email stated that a browser with Java was needed! " - Should be enough to warn lol

Zeus is one monstrous trojan though. The structure of that malicious code is incredibly scary...

What do you mean? I'm no coder so I don't see how simple code can 'look scary'.

Corrine · Feb 7, 2013

You see, Cayden, Ace is a coder so he'd understand what the code is doing.

AceInfinity · Feb 7, 2013

Cayden said:
AceInfinity said:

"The zip attachment that came with each email stated that a browser with Java was needed! " - Should be enough to warn lol

Zeus is one monstrous trojan though. The structure of that malicious code is incredibly scary...

Click to expand...

What do you mean? I'm no coder so I don't see how simple code can 'look scary'.

Zeus is by no means "simple", it almost has enough code to look like it was an encyclopedia. :lol:

jcgriff2 · Feb 7, 2013

Corrine said:
Am I understanding correctly that you don't have an account with them and attempted to open the zip attachment? :shame2:

Yes, I opened the zip attachment after I grabbed it from the WLM EML folder. I didn't do anything within the email itself.

There was an HTM file inside. That is what they wanted Java for.

I looked at the HTM source for a bit, then got rid of it all.

I didn't save the HTM code for proper analysis. Next time. :)

Regions Financial - Online Banking Fraud Alert: Zeus Malware

jcgriff2

Co-Founder / Admin
BSOD Instructor/Expert
Microsoft MVP (Ret.)

Corrine

Administrator,
Microsoft MVP,
Security Analyst

niemiro

Senior Administrator, Windows Update Expert

AceInfinity

Emeritus, Contributor

Cayden

Member

Corrine

Administrator,
Microsoft MVP,
Security Analyst

AceInfinity

Emeritus, Contributor

jcgriff2

Co-Founder / Admin
BSOD Instructor/Expert
Microsoft MVP (Ret.)

Regions Financial - Online Banking Fraud Alert: Zeus Malware

Co-Founder / AdminBSOD Instructor/ExpertMicrosoft MVP (Ret.)

Administrator, Microsoft MVP, Security Analyst

Senior Administrator, Windows Update Expert

Emeritus, Contributor

Member

Administrator, Microsoft MVP, Security Analyst

Emeritus, Contributor

Co-Founder / AdminBSOD Instructor/ExpertMicrosoft MVP (Ret.)

Co-Founder / Admin
BSOD Instructor/Expert
Microsoft MVP (Ret.)

Administrator,
Microsoft MVP,
Security Analyst

Administrator,
Microsoft MVP,
Security Analyst

Co-Founder / Admin
BSOD Instructor/Expert
Microsoft MVP (Ret.)