Fake e-mails delivering virus to users’ inboxes, says expert
October 28th, 2009 - 4:30 pm ICT by ANIWashington, Oct 28 (ANI): A fake email, apparently from the Federal Deposit Insurance Corporation (FDIC), can steal bank passwords and other sensitive personal information from unsuspecting victims, according to a computer forensic expert.
Gary Warner, the director of research in computer forensics at the University of Alabama at Birmingham (UAB), has said that cyber criminals are sending the spam mails with one of two subject lines-’FDIC has officially named your bank a failed bank’ or ‘You need to check your Bank Deposit Insurance Coverage’.
He said that the moment the message is opened, the spam asks users to visit a specific Web site, a link to which is included in the message.
Those that follow the link are taken to a page that asks them to click and download a copy of “your personal FDIC insurance file.”
“Unfortunately, anyone who clicks that download link will be downloading a version of the Zeus Bot virus, which has the capacity to steal bank passwords and other financial and personal information,” said Warner.
Warner and his colleagues in the UAB Spam Data Mine have been tracking the new spam for a number of days and report its delivery volume to be very high.
The spam claims to be from the e-mail address consumeralerts@fdic.gov, which is a real e-mail address used by the FDIC, but has actually been forged by the malware distributors in this situation, said Warner.
“The cyber criminals behind this spam have gone to great lengths to mimic the logos and look of FDIC communications, including going so far as to forge an official FDIC e-mail address in an effort to confuse consumers into following links and downloading harmful programs.
“As is the case with any agency or company e-mail, do not follow links or click downloads embedded in the messages. Instead, visit the site in question through your Web browser and log in as you normally would. If an entity has an important message for you, you’ll be able to find it on its Web page.
“Legitimate companies will never ask you to download programs or enter your personal information via an e-mail,” he added. (ANI)
- Jacko death probe spam a threat to bank account numbers, passwords - Jul 04, 2009
- Fake Internet postcards linked to most prevalent U.S. computer virus - Jul 27, 2009
- Beware! Fake online postcards infested with deadly virus - Jul 25, 2009
- Cyber criminals targeting World Cup fans: Internet security firm - Mar 23, 2010
- Beware of Valentine's spam, warns IT security firm - Feb 13, 2012
- Sex movie virus spreading like wildfire across the Internet - Sep 11, 2010
- "Here You Have" e-mail virus wreaking havoc on servers across the world - Sep 10, 2010
- Spam emails claiming celeb deaths contain virus, spyware - Aug 25, 2010
- Twitter accounts hacked, flooded with spam - Dec 14, 2010
- Russia targets 1 man & one-fifth of the world's spam reduces - Oct 29, 2010
- Wave of spams counter Facebook joy over Osama's death - May 03, 2011
- Malicious software links featuring bin-Laden's pics could be a virus: FBI - May 04, 2011
- How criminals use Facebook to commit crime - Dec 20, 2010
- Obamas Tuesday speech being used by cyber criminals to commit fraud - Nov 08, 2008
- Facebook Email Scam, McAfee Issues Warning - Mar 19, 2010
Tags: alabama at birmingham, computer forensic expert, computer forensics, cyber criminals, delivery volume, deposit insurance corporation, deposit insurance coverage, director of research, e mail address, fake email, fdic insurance, federal deposit insurance, federal deposit insurance corporation, federal deposit insurance corporation fdic, great lengths, spam mails, subject lines, university of alabama at birmingham, unsuspecting victims, zeus bot