Many consumers are aware of the potential threat to their personal information that can sometimes come in their email, but now there is yet another, more insidious one.
A new piece of malware is making the rounds and growing in popularity among would-be identity thieves, according to a report from Symantec, one of the world leaders in protecting computers from security threats. The company said that the latest threat is from a virus called Trojan.Zbot, which is nicknamed Zeus.
The report said that this Trojan arrives as a .zip file to an email that appears to be a legitimate attachment, like an invitation to a birthday party, some family photos, or a resume. However, the attachment actually contains an executable file that, once opened, can wreak havoc on a user's computer. Consumers should be aware that the .exe file is 119KB in size, and typically has a seemingly innocuous name.
Symantec said it has discovered the file under names such as "lance Armstrong.zip," "pricing.zip," "invitation.zip," "Resume.zip," and "Allhotels.zip," among others. Often, this file will be attached to an email with a similarly harmless sounding subject line. These have included "Beauty and the Geek 2," "fill this Passport Form," "First Birthday Invitation," "Picture sizes," "Resume & Coverletter - Feedback," and so forth. These names are designed to draw in consumers and trick them into opening the files.
Once activated, the Zeus malware will search a computer thoroughly for confidential information, Symantec said. It is designed to find online login credentials and banking details and then transmit it back to the hacker who sent it. However, it should be noted that this file was originally made in such a way that it can be altered to gather any kind of information.
The best course of action for consumers to avoid downloading files of this type is to simply keep an eye on all emails containing attachments. If they don't recognize the person that's sending it, or don't know why they would be receiving it, then it's best to just delete the email. However, even this doesn't guarantee safety, and if the consumer does attempt to download the file, they should also examine its extension to make sure it isn't an executable file that would open a program.