The latest Zbot spam campaign which we observed this morning targets Social Security Online users. The spam email arrives as a notification about a Social Security statement.
In an attempt to trick the user into opening the link, the bad guys use a well crafted URL format that points to a fake Social Security Online website.
Right after a potential victim enters their Social Security number and clicks the "Continue" button, the page redirects to another page instructing the user to click a button to generate a "self-extracting Social Security statement".
So the keyword is "self-extracting". Remember our previous Zbot spam campaign blog? It uses the same social engineering trick in an attempt to make the executable look more legitimate.
