Spammers Exploit American Bankers Association Name to Malicious Scam

On January 26, 2010, Internet security company M86 Security reported that the gang behind Zeus/Pushdo/Cutwail used the name of the biggest banking association in the US to entice Internet users with e-mails apparently originating from the American Bankers Association. The subject lines of the e-mails vary from "unauthorized transaction" to "An unauthorized transaction billed from your bank account," "unauthorized transaction billed from your bank card" and "An unauthorized transaction billed to your bank card."

The reports state that a web link embedded in the e-mails leads the user to a web page that looks like the American Bankers Association website. According to Gavin Neale (security researcher at M86 Security), as in earlier campaigns by the Zeus gang, a malicious iFrame is inserted into this spoofed web page, and it serves attack code designed with the help of the FSPACK toolkit.

When the company's researchers accessed this page in the Firefox browser for a study in their lab, the page directed them to download a PDF file, as reported by SCMagazine on January 29, 2010. If a user opens the PDF file with a vulnerable version of Adobe Reader, the computer will be infected by Zeus, said M86 Security. The security company's researchers also caution that FSPACK abuses a number of vulnerabilities in Adobe Flash and Internet Explorer.

The VirusTotal report (a free online malware and virus scan) indicated that the malware "transactionreport.exe," dropped by the spoofed website, was nearly undetected. Just 6 out of 41 antivirus products could spot the malware, with just 2 of them appropriately identifying it to be Zeus.

In addition to "transactionreport.exe," a drive-by infecting program originates from the 109.95.114.251 IP address, said the security researchers. This IP address has a well-known connection with Zeus via its network's controller.

According to the researchers, other well-known entities have notably been used to lure users through phishing e-mails: the US Treasury, the Internal Revenue Service, several financial institutions and the FDIC. Hence, users are advised to avoid fake, phishing e-mails.

Related article: Spammers Continue their Campaigns Successfully

» SPAMfighter News - 2/5/2010