Malware Threat in the Name of FDIC
Numerous malicious e-mails that appeared to be sent by the Federal Deposit Insurance Corporation (FDIC) were captured by the honeytraps in Sophos's worldwide network, as reported by nakedsecurity on August 30, 2011.
The e-mail headers were deliberately spoofed to avoid suspicion, and the subject line of the e-mails read "FDIC notification". Like many other spam e-mails, this one was full of mistakes, a clear indication that it did not originate from a government agency.
The mail informed the recipient that their ACH account and WIRE transaction had been suspended because their security version had expired. To download and install the latest installation, the recipient was told to read the attached PDF and wait for the setup to run. Once the setup started running, all transaction abilities would be restored automatically.
A file, FDIC_document.zip, is attached to the e-mails; on investigating the file, Sophos identified it as Mal/BredoZp-B. Because the file carries a PDF icon and Windows 7 does not display known file extensions, it can quite easily deceive users. Sophos therefore advises users against opening the attachment, as it is likely to infect their computers.
The file is in fact a Trojan that serves as a distribution platform for other malware, so running it will likely cause multiple infections on the computer. This new campaign came to the fore as spam traffic soared to its highest level in the past two years. Security researchers hold the view that the cyber crooks are trying to rebuild botnets that had been neglected during the summer holidays, possibly because they were busy preparing for the holidays.
Security experts warning users about the spam attack have asked them to be extra alert, especially when opening an e-mail attachment or before downloading any file, as it may contain a virus and harm the system.
Last but not least, security experts have advised users to use high-quality security solutions and to update all antivirus software regularly to mitigate future risks to their computers.
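A mail filter can catch the disguise described above (a program with a document icon inside a zip attachment, its extension hidden by Windows) before the user ever sees the file. The following check is an added example, not code from Sophos or the original article; the extension lists are an assumed policy and the member names in the sample archive are constructed, since the article does not give the name of the file inside FDIC_document.zip.

```python
import io
import zipfile

# Assumed policy lists (not from the article): extensions Windows runs on double-click,
# and document extensions often placed in front of them as a decoy.
EXECUTABLE_EXTS = {"exe", "scr", "pif", "com", "bat", "cmd", "js", "vbs", "lnk"}
DECOY_EXTS = {"pdf", "doc", "docx", "xls", "xlsx", "txt", "jpg"}


def audit_zip_attachment(data: bytes) -> list[dict]:
    """Return one finding per archive member that looks like a disguised program."""
    findings = []
    with zipfile.ZipFile(io.BytesIO(data)) as archive:
        for info in archive.infolist():
            if info.is_dir():
                continue
            # Windows drops trailing dots and spaces, so ignore them when reading the extension.
            name = info.filename.replace("\\", "/").rsplit("/", 1)[-1].rstrip(". ")
            parts = [p.strip().lower() for p in name.split(".")]
            ext = parts[-1] if len(parts) > 1 else ""
            reasons = []
            if ext in EXECUTABLE_EXTS:
                reasons.append("executable extension ." + ext)
                if len(parts) > 2 and parts[-2] in DECOY_EXTS:
                    reasons.append("decoy extension ." + parts[-2])
            if not (info.flag_bits & 0x1):  # encrypted members cannot be read without a password
                with archive.open(info) as member:
                    if member.read(2) == b"MZ":  # DOS/PE header magic
                        reasons.append("PE header")
            if reasons:
                # With known extensions hidden, Explorer drops the last (registered) extension.
                shown = name.rsplit(".", 1)[0] if ext else name
                findings.append({"member": name, "shown_as": shown, "reasons": reasons})
    return findings


def build_sample_zip() -> bytes:
    """Constructed sample: member names and contents are invented for this example."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as archive:
        archive.writestr("FDIC_document.pdf.exe", b"MZ" + b"\x00" * 62)
        archive.writestr("update.pdf", b"MZ" + b"\x00" * 62)
        archive.writestr("readme.txt", b"plain text")
    return buf.getvalue()


if __name__ == "__main__":
    for finding in audit_zip_attachment(build_sample_zip()):
        print(finding)
```

The `shown_as` field is the name a user would see with known extensions hidden, which is why the first sample member passes for a PDF.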
» SPAMfighter News - 09-09-2011