Tag Archives: FDIC

Cybercriminals spamvertise millions of FDIC ‘Your activity is discontinued’ themed emails, serve client-side exploits and malware

Posted on by

By Dancho Danchev

A currently ongoing spam campaign attempts to trick users into thinking that their ability to send Domestic Wire Transfers has been disabled. Impersonating the Federal Deposit Insurance Corporation (FDIC), the cybercriminals behind the campaign are potentially earning thousands of dollars in the process of monetizing the anticipated traffic.

Once users click on the bogus ‘secure download link’, they’re automatically exposed to the client-side exploits served by the Black Hole Exploit Kit.

More details:

Continue reading

Cybercriminals impersonate FDIC, serve client-side exploits and malware

Posted on by

By Dancho Danchev

Over the past 24 hours, cybercriminals started spamvertising millions of emails impersonating the Federal Deposit Insurance Corporation (FDIC), in an attempt to trick businesses into installing a bogus and non-existent security tool promoted in the emails. Upon clicking on the links, users are exposed to the client-side exploits served by the Black Hole Exploit Kit.

More details:

Continue reading

Lazy Phishers Just Email the Phishing Web Page to You, Now

Posted on by

By Andrew Brandt

Add to FacebookAdd to DiggAdd to Del.icio.usAdd to StumbleuponAdd to RedditAdd to BlinklistAdd to TwitterAdd to TechnoratiAdd to FurlAdd to Newsvine

20091026_bofa_phish_withatt_cropIt was a particularly busy weekend for spammers, especially the creepy, evil ones who are trying to steal information (as opposed to the merely scungy pill vendors and their ilk). Webroot’s Threat Research team has recently seen a glut of phishing messages which, like most, purport to come from banks and ask you to update your account information. But unlike most phishing messages, which contain a link to a Web site, these phishing messages include an attached HTML file which, in essence, puts the phishing page right on your hard drive.

When launched, the HTML file renders a sparse but effective phishing form in the browser. The pages warn the victim that “This account has been temporarily suspended for security reasons” and ask the victim to “confirm that you are the rightful owner of this account” — by providing the “bank” with a wide range of personally identifiable information they should already have, and never would ask you to provide through a Web-based form in the circumstances described in the message.

20091026_bofa_phish_form_clean_cropThese pages also pull graphics from the banks’ Web sites–activity that, when it comes from a phishing site hosted on a server not belonging to the targeted bank, typically alerts the banks to phishy behavior. Because the graphics are loaded only once, from the desktop of the targeted victim, the banks can’t put a stop to it before it’s too late.

Continue reading