Zbot Trojan delivery via fake Pentagon emails

Attention-piquing malicious spam emails purportedly coming from the DHS, the Pentagon or the Transportation Security Administration have recently been spotted by Sophos.

With subject lines such as “RE:Al-Qaeda in the Arabian Peninsula (AQAP)”, “Report on Defending and Operating in a Contested Cyber Domain”, “FOR OFFICIAL USE ONLY” and others, the emails contain some text that introduces the subject of the report and two links that point to report.zip.

When the file is unzipped, it reveals report.exe, which tries to pass as a report but is actually a Zbot Trojan.

Even if you are extremely curious about the contents of this report and you download the file, the .exe file extension should set off an alarm bell in your head. How many legitimate written reports with that extension have you ever seen? My bet is none.
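The same check can be made automatically before anyone opens the archive. The following Python sketch is an added example, not part of the original article or of any Sophos tooling: it lists executable members of a ZIP by extension and by the "MZ" header that Windows executables start with. The extension list, function names and sample archive are assumptions constructed for illustration.

```python
import io
import posixpath
import zipfile

# Extensions Windows runs directly (non-exhaustive; chosen for this example).
EXECUTABLE_EXTS = {".exe", ".scr", ".com", ".pif", ".bat", ".cmd"}


def flag_executables(zip_bytes):
    """Return [(member_name, reason)] for executable content inside a ZIP."""
    findings = []
    with zipfile.ZipFile(io.BytesIO(zip_bytes)) as archive:
        for info in archive.infolist():
            if info.is_dir():
                continue
            name = info.filename
            ext = posixpath.splitext(name)[1].lower()
            magic = b""
            # Bit 0 of flag_bits marks an encrypted member we cannot read.
            if not info.flag_bits & 0x1:
                with archive.open(info) as member:
                    magic = member.read(2)  # DOS/PE files start with "MZ"
            if ext in EXECUTABLE_EXTS:
                findings.append((name, "executable extension " + ext))
            elif magic == b"MZ":
                # A binary renamed to look like a document, e.g. report.doc.
                findings.append((name, "MZ header behind non-executable name"))
    return findings


def build_sample_zip(members):
    """Build an in-memory ZIP from {name: bytes}; constructed test data only."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as archive:
        for name, data in members.items():
            archive.writestr(name, data)
    return buf.getvalue()


if __name__ == "__main__":
    # Constructed sample with harmless placeholder bytes, not real malware.
    sample = build_sample_zip({
        "report.exe": b"MZ" + b"\x00" * 62,
        "summary.doc": b"MZ" + b"\x00" * 62,
        "notes.txt": b"plain text",
    })
    for name, reason in flag_executables(sample):
        print(f"{name}: {reason}")
```

Checking the header as well as the extension matters because a renamed binary would pass an extension-only filter.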
