New spam: Your bank has failed, download this Trojan
Spam that tells victims their bank has failed urges them to on a link that will tell if their accounts are insured but that really tries to trick them into downloading a Trojan that will turn their machine into a bot.
If they download Zbot Trojan, it will take over the computer and have it send out more of the spam, says M86 in a security blog.
The spam is addressed as if it comes from the Federal Deposit Insurance Corp. (FDIC), but it’s not. “Recipients should consider the intent of this e-mail as an attempt to collect personal or confidential information, some of which may be used to gain unauthorized access to on-line banking services or to conduct identity theft,” the FDIC says in a warning. The agency says it doesn't send out any unsolicited e-mails.
The link to the bogus FDIC site starts with www.fdic.gov, but it later contains a null character followed by the actual domain name, says Bradley Anstis, vice president of technology strategy at M86.
The FDIC spam is being sent by the Pushdo botnet, which has also recently been distributing a similar ruse having to do with the IRS and Michael Jackson, M86 says.
M86 says it has seen these subject lines on the FDIC spam: FDIC alert: check your Bank Deposit Insurance Coverage; FDIC has officially named your bank a failed bank; and You need to check your Bank Deposit Insurance Coverage.
Pushdo is also mailing a new Facebook-password ruse. The “From” field of the e-mail says “The Facebook Team” and urges recipients to open a zipped attachment that contains their new Facebook password. Their old password has been changed “to provide safety”, the spam says. The zipped file really contains the malicious Bredolab downloader, which downloads Pushdo and turns the victim’s machine into a bot that starts spamming more of the Facebook e-mails.
Because of its enormous membership, Facebook is the target of many scams, including ones to use the social networking site as a means to distribute malware.
Pushdo is the second most active bot, responsible for 29.4% of all spam behind Rustock, which is responsible for 37.8%, according to M86. The two go back and forth for first place, Anstis says.
Network World
Sign up for ITworld's Daily newsletter
Follow ITworld on Twitter @IT_world
On Twitter now
botnet
Powered by TwitterOn Twitter now
botnet
Brian Proffitt
Microsoft/Novell: Breaking Down the Coupon Numbers
Esther Schindler
Drupal's Dries Buytaert on Building the Next Drupal
Tom Henderson
Top Ten General Operating Systems Rants
pasmith
PS3 motion controller delayed; goes up against Project Natal
sjvn
Neolithic Windows security hole alive and well in Windows 7
claird
Perl source code comparison makes for good reading
mikelgan
Cell phones don't create stress or interrupt much
Sandra Henry-Stocker
How to: The Unix Interview
Where Google Chrome security fails: the password
I heard mention that the Chrome OS will have some sort of encryption available a la bitlocker. If it's possible to encrypt personal data using another password or key, then it may have potential for very secure data.... And Ubuntu has an 'encrypt home directory' option, perhaps google should follow suit.
- Dann
Join the conversation here
Quick, practical advice for IT pros. Made fresh daily.
- Ubuntu advances: Why Ubuntu server installations will surge in 2010
- Social media marketing: How to make friends with benefits
- More...
Want to cash in on your IT savvy? Send your tip to tips@itworld.com. If we post it, we'll send you a $25 Amazon e-gift card.
