Security researchers are Websense Security Labs have narrowed in on a form of Zeus variants that are being used to steal consumer data in spam email campaigns. The Zeus strains use
Windows extensions to steal user data. These malicious tools are included in spam email URLs which link to .ZIP files that contain malware. Copy such as "Payment Confirmation" and "Failed Delivery for
Package," are used to encourage respondents to click.