Spammers Exploit American Bankers Association Name to Malicious Scam

On January 26, 2010, Internet security company M86 Security reported that the gang behind Zeus/Pushdo/Cutwail used the name of US' biggest banking association to entice Internet users with e-mails apparently originating from the American Bankers Association.

The subject lines of the e-mails vary from "unauthorized transaction" to "An unauthorized transaction billed from your bank account," "unauthorized transaction billed from your bank card" and "An unauthorized transaction billed to your bank card."

The reports state that there is a web-link embedded in the e-mails, which leads the user to a web-page. The web-page looks like the American Bankers Association website.

As per Gavin Neale (security researcher at M86 Security), similar to earlier campaigns by the Zeus gang, a malicious iFrame inserted into this spoofed web-page which serves attack codes designed with the help of FSPACK toolkit. When the company's researchers accessed this page in the Firefox browser for a study in their lab, the page directed them to download a PDF file, as reported by SCMagazine on January 29, 2010.

In case a user opens the PDF file with a vulnerable version of Adobe Reader, then his computer will be infected by Zeus, said M86 Security. Tthe security company researchers also caution that the FSPACK abuses a number of vulnerabilities in Adobe Flash and Internet Explorer.

The VirusTotal Report (a free online malware and virus scan) indicated that the malware "transactionreport.exe," dropped by the spoofed website was nearly undetected. Just 6 out of 41 antivirus products could spot the malware, with just 2 of them appropriately identifying it to be Zeus.

In addition to the "transactionreport.exe," a drive-by infecting program originates from the 109.95.114.251 IP address, said the security researchers. This IP address has a well-known connection with Zeus via its network's controller.

According to the researchers, notably other famous entities have been utilized to lure users through phishing e-mails. These are the US Treasury, Internal Revenue Service, several financial institutions and the FDIC.

Hence, users are recommended that they should avoid fake, phishing e-mail.

Related article: Spammers Continue their Campaigns Successfully

» SPAMfighter News - 05-02-2010

All SPAMfighter products offer a free trial!

SPAMfighter is a free spam filter for Outlook, Outlook Express,Windows Mail, Windows Live Mail and Thunderbird.

Optimize your Slow PC for better performance. Try FREE scan now

Disk space recovery
and disk optimization. Try FULL-DISKfighter free

SPAMfighter Exchange Module is a Spam filter for Exchange server - Free 30 days trial.

Remove Spyware with SPYWAREfighter - Free 30 days trial

Antivirus software for your Windows PC - Free 30 days trial