Spammers are notorious for latching on to the most recent trend in an effort to increase click rates. Recently, a spam campaign containing Zeus malware utilized recent concerns over terrorism to send messages which appeared to be sent by the Department of Homeland Security, TSA and DoD.
Researchers at Sophos Labs have discovered the low-yield campaign which targets government users with enticing subjects like “Report on Defending and Operating in a Contested Cyber Domain” and “RE: Al-Qaeda in the Arabian Peninsula.”
“Unlike some of the other Zbot runs we've seen, this current run is relatively low volume,” writes Savio Lau, a SophosLabs Canada researcher, in a blog post. “Nevertheless, this trickery by the Zbot crew is not new. They've tried to spoof other agencies such as the NSA back in February, going as far as coming up with a spam run that “reports“ on their own attacks.”
The emails contain links to the supposed reports, which actually are zip files containing the Zeus Trojan.
“Even if you do work for one of these agencies, there should be no reason you would be receiving weblink reports in this fashion,” Lau writes. “Users should have no trouble avoiding these spam campaigns as long as they remain vigilant.”