Banking Trojan Attacks Customers of Fifth Third Bank

CA Internet Security Business Unit recently received fresh spam mails that purported to be from Fifth Third Bank (US). The e-mails asked recipients to login their Internet banking account and get acquainted with the newly implemented measures for security by following the given web-link.

The message said that the bank was implementing new security features to help clients safeguard themselves from frauds. Consequently, users' bank account logging process would change. Furthermore, the message requested the recipient to log into his Internet banking account with the help of the web-link provided temporarily.

But on clicking the link, the user is diverted to a fake Fifth Third Bank web-page. There, he is asked to enter his banking credentials to access the account. However, on entering the login details (username and password), they are transmitted to a remote malevolent server.

Furthermore, the malicious scheme offers the victim "Digital Certificate" that could be downloaded and run to establish a personalized digital certificate.

But, according to the CA security investigators, the digital certificate is a malware - a variant of Zbot. The downloaded file 'certificate.exe' represents a Trojan that steals passwords and plants an active replica of itself called 'sdra64.exe' on the Windows System directory.

Even though a user may become suspicious prior to creating the digital certificate and decide to forgo it, he is still at risk of being infected. The bogus web-page conceals a disguised JavaScript carrying a malicious iFrame that leads to an attack code toolkit. This code eventually results in the download and execution of the Trojan.

Commenting on the technique which scammers have used, the investigators stated that by employing the highly successful multiple methods of attack, the Zbot owners were making sure that the infection rate was high enough to yield them profit.

Hence, the specialists advised that users should maintain vigilance against this kind of e-mails. They should also verify from their respective banks in case they got an e-mail regarding their accounts. Finally, they should maintain up-to-date antivirus and spam-filtering software.

Related article: Banking Sector Hacked by phishing Sites

» SPAMfighter News - 1/30/2010