Fake FDIC Emails Spread Malware

By on August 30th, 2011 13:53 GMT

Security researchers from Sophos warn about a wave of malicious emails posing as official notifications from the Federal Deposit Insurance Corporation (FDIC).

The rogue emails bear a subject of "FDIC notification" and have their headers spoofed to appear as originating from a no.reply@fdic.gov address.

As with most spam emails, the message body is full of mistakes, which should be an indication that it did not originate from a government agency. It reads:

"Your account ACH and WIRE transaction have been temporarily suspended for security reasons due to the expiration of your security version.

"To download and install the newest installations read the document(pdf) attached below. As soon as it is setup, you transaction abilities will be fully restored."

The attachment is called FDIC_document.zip and contains an executable file of the same name. The file has a PDF icon and, since Windows 7 does not display known file extensions by default, it might easily trick users.

The file is actually a computer trojan that serves as a distribution platform for other malware. This means that running it will probably result in multiple infections.
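The disguise described above (an executable with a document icon, inside a zip, relying on hidden extensions) is something a mail gateway or analyst can catch by looking at file content rather than file names. The following Python script is an added example, not code from the article or from Sophos: it builds a constructed zip mimicking FDIC_document.zip with a two-byte "MZ" stub standing in for the executable, then triages each member by its leading bytes and flags executables, double extensions such as `invoice.pdf.exe` (a variant the article does not mention but the same technique covers), and extension/content mismatches. Function and variable names are the example's own.

```python
import io
import os
import zipfile
from typing import Dict, List

# Constructed sample mimicking the campaign: FDIC_document.zip containing an
# executable of the same name. The "executable" is an MZ stub, not real code.
def build_sample_zip() -> bytes:
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        zf.writestr("FDIC_document.exe", b"MZ" + b"\x90" * 62)
        zf.writestr("FDIC_notice.pdf", b"%PDF-1.4\n%stub\n")
    return buf.getvalue()

# Content signatures checked on the first bytes of each member, independent of
# whatever extension (or icon) the sender chose.
MAGIC = [(b"MZ", "pe-executable"), (b"%PDF", "pdf"), (b"PK\x03\x04", "zip")]
EXECUTABLE_EXTS = {".exe", ".scr", ".com", ".pif", ".bat", ".cmd", ".js", ".vbs"}
DOCUMENT_EXTS = {".pdf", ".doc", ".docx", ".txt", ".xls"}


def sniff(head: bytes) -> str:
    """Return the content type implied by the leading bytes, or 'unknown'."""
    for magic, kind in MAGIC:
        if head.startswith(magic):
            return kind
    return "unknown"


def assess_member(name: str, head: bytes) -> Dict[str, object]:
    """Judge one archive member by name and by its first bytes."""
    lower = name.lower()
    ext = os.path.splitext(lower)[1]
    kind = sniff(head)
    reasons: List[str] = []
    if kind == "pe-executable":
        reasons.append("content is a Windows executable (MZ header)")
    if ext in EXECUTABLE_EXTS:
        reasons.append("executable extension " + ext)
    # "invoice.pdf.exe": a document extension placed before the real one so that
    # a client hiding known extensions shows only "invoice.pdf"
    inner = {"." + p for p in lower.split(".")[1:-1]}
    if inner & DOCUMENT_EXTS and ext in EXECUTABLE_EXTS:
        reasons.append("double extension disguises executable as document")
    if ext == ".pdf" and kind not in ("pdf", "unknown"):
        reasons.append("extension says PDF but content is " + kind)
    return {"name": name, "type": kind, "reasons": reasons}


def triage_zip(blob: bytes) -> List[Dict[str, object]]:
    """Inspect every file in a zip attachment without extracting or running it."""
    results: List[Dict[str, object]] = []
    with zipfile.ZipFile(io.BytesIO(blob)) as zf:
        for info in zf.infolist():
            if info.is_dir():
                continue
            with zf.open(info) as member:
                head = member.read(8)  # signature bytes only
            results.append(assess_member(info.filename, head))
    return results


def suspicious_members(blob: bytes) -> List[str]:
    """Names of members that raised at least one flag."""
    return [str(r["name"]) for r in triage_zip(blob) if r["reasons"]]


if __name__ == "__main__":
    for result in triage_zip(build_sample_zip()):
        print(result)
```

On the constructed sample, only FDIC_document.exe is flagged (as an MZ executable with an executable extension); the genuine-looking PDF passes. Because the verdict comes from the first bytes of each member, renaming the executable or giving it a document icon does not change the result.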

This new campaign comes at a time when the malicious spam traffic has spiked to the highest level in the past two years. Security researchers believe that cyber criminals are trying to rebuild their botnets that have been neglected during the summer vacations in preparation for the holidays.

Users are strongly advised to always treat email attachments with suspicion. Scanning such files with multi-engine services like VirusTotal is highly recommended. When in doubt about the legitimacy of an email it is always best to check with the corresponding organization over the phone.

"Take care folks, and remember to keep your security software up-to-date and your wits about you," advises Graham Cluley, a senior technology consultant at Sophos.
