The Zeus crimeware family has moved into new territory with its latest spam campaign – purporting to be a warning about targeted phishing attacks on “.gov” and “.mil” domains, by Zeus Trojans no less!
In fact, one of the latest spam samples we’ve seen, duplicates the title and first three paragraphs of a blog entry by well-known security expert Brian Krebs, which discusses a previous iteration of this Zeus attack. As seen below, the spam sample starts off with the same three lines of the blog post, before starting into the phony KB content and links that lead to Zeus malware.

Note that while reports on the initial campaign suggest only “.gov” and “.mil” addresses were targeted, we have seen these later samples from a wider variety of sources.