Feb 17, 2011 08:17 GMT

M86 Security warns of a new spam run that generates malware-carrying emails purporting to come from the Federal Deposit Insurance Corporation (FDIC).

According to the M86 researchers, the emails are sent by Cutwail, a spam botnet which at its peak accounted for over 40% of the daily junk mail traffic.

The rogue notifications bear a subject of "Important information for depositors of Federal Deposit Insurance Corporation" and carry an attachment called FDIC_Document.zip.

The message contained within reads: "Attention! Dear Depositor, this message was sent to you as you had indicated this e-mail address as a contact, by opening an account in your bank department.

In order to inform you about the news concerning current business activity of the Company on a timely basis, please, look through the last important changes in current regulations of endowment insurance procedure. Please, refer to more detailed information in the attached document."

One obvious giveaway that these emails are fake is the From field, which lists an @ups.com address, a remnant from a fake UPS campaign that the spammers forgot to change.

The malicious executable found inside the attached archive is a variant of SpyEye, a sophisticated and dangerous banking trojan used to steal financial and personal information from victims.
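The two indicators described above (a subject naming the FDIC while the From field carries an @ups.com address, and an executable inside the attached archive) can be checked at the mail gateway. The following is an added example, not code from M86 or from the original article; the `BRAND_DOMAINS` mapping, the sender's local part, the recipient address and the file name inside the archive are constructed assumptions.

```python
import io
import zipfile
from email import message_from_bytes, policy
from email.message import EmailMessage
from email.utils import parseaddr

# Assumption: brand phrases mapped to the domains that brand really mails from.
BRAND_DOMAINS = {"federal deposit insurance corporation": {"fdic.gov"}}
EXEC_EXT = (".exe", ".scr", ".pif", ".com")

def inspect(raw: bytes) -> list[str]:
    """Return findings for one raw RFC 5322 message."""
    msg = message_from_bytes(raw, policy=policy.default)
    findings = []
    domain = parseaddr(str(msg["From"] or ""))[1].rpartition("@")[2].lower()
    subject = str(msg["Subject"] or "").lower()
    for brand, legit in BRAND_DOMAINS.items():
        ok = any(domain == d or domain.endswith("." + d) for d in legit)
        if brand in subject and not ok:
            findings.append(f"brand-mismatch: subject names {brand!r}, From is @{domain}")
    for part in msg.iter_attachments():
        name = (part.get_filename() or "").lower()
        if not name.endswith(".zip"):
            continue
        try:
            data = part.get_payload(decode=True) or b""
            with zipfile.ZipFile(io.BytesIO(data)) as zf:
                members = zf.namelist()  # lists names only, never extracts
        except zipfile.BadZipFile:
            findings.append(f"unreadable-zip: {name}")
            continue
        findings += [f"exe-in-zip: {name} contains {m}"
                     for m in members if m.lower().endswith(EXEC_EXT)]
    return findings

def build_sample(sender: str = "notice@ups.com") -> bytes:
    """Constructed message mirroring the subject and attachment name above."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("FDIC_Document.exe", b"constructed placeholder bytes")
    m = EmailMessage()
    m["From"], m["To"] = sender, "depositor@example.com"
    m["Subject"] = ("Important information for depositors of "
                    "Federal Deposit Insurance Corporation")
    m.set_content("Please, refer to more detailed information in the attached document.")
    m.add_attachment(buf.getvalue(), maintype="application",
                     subtype="zip", filename="FDIC_Document.zip")
    return m.as_bytes()

if __name__ == "__main__":
    print("\n".join(inspect(build_sample())))
```

The From header is trivially forged, so a matching domain proves nothing on its own; the mismatch check only catches careless campaigns like this one, while the archive check still fires when the sender looks right.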

The new spam run is part of a recent wave of malware distribution campaigns that followed a period of silence at the beginning of the year.

A similar spam run was generated by the Asprox botnet and produced emails masquerading as package delivery notifications from Post Express. They distributed a copy of the spambot itself.

Another was the work of the Cutwail gang, with messages posing as UPS communications. The fake emails distributed a copy of the Sasfis trojan downloader.

Once run, Sasfis dropped a recent version of SpyEye described by Trend Micro earlier this year, which appears to have ZeuS features integrated into it, including an anti-Trusteer Rapport component.