Malware is Posed as Complaint of FTC

According to news by ITnews on June 15, 2007, the US Federal Trade Commission (FTC) is the new government agency, which has emerged as a new target for emails strikes by hackers.

MX Logic, email security provider, has reported that there have been several cases of fraud emails which claim to be from the government organization.

The fake emails appear as messages notifying receivers that they've filed complaint with the agency and comes with an attachment of the copy of the complaint. On accessing the attachment, the system gets infected with a keylogger, which can be employed to pilfer login and confidential information.

FTC has come up with a report related to CAN-SPAM Act in 2005. The report notifies that FTC has not made any dent on the problems of mail. The malicious mail coming from outside the US continues to harm email users in US. The report also discusses about the latest trend of hackers, i.e. spam through which they spread deadly codes called malware. The report includes the fact that apart from advertisement, spams also consist of malware, which cause harm to the users.

These phishing emails are similar to "spoofing" and includes lines like "from" or "reply to" to make it appear like a genuine mail from an authorized company. However, the Forum recommended measures that can be adopted to solve the problems of spam.

Director of the MX Logic Threat Centre, Sam Masiello, said that the present attack resembles the earlier two spam runs where the sender impersonated as government agency. Again in January 2007, the hackers made use of the fake tax refund claims to attract customers. In May, scammers used the name of Better Business Bureau to install keylogger in the users's system.

According to news by Channelweb on June 15, 2007, Masiello said that it is certainly the work of the same spam group who is sending different kinds of spams and are probably hitting the same people every time.

Moreover, the attack follows the same sequence; they attack business managers and executives. Further, the attack has been reported to be highly personalized and it is believed that all three attacks use a harmful RTF file to install keyloggers on targeted PC. Masiello suggests that the user should immediately remove the file, if any suspicion arise.

Related article: Malware Authors Turn More Insidious

» SPAMfighter News - 6/30/2007