Trend Micro Facebook TrendLabs Twitter Malware Blog RSS Feed You Tube - Trend Micro
Search our blog:

  • Recent Posts

  • Calendar

    December 2014
    S M T W T F S
    « Nov    
     123456
    78910111213
    14151617181920
    21222324252627
    28293031  
  • Email Subscription

  • About Us

    Spammed email messages supposedly from The United States Federal Reserve Bank warn their recipients of a “large-scale phishing attack” affecting several banks and credit unions. A spammed message may look like this:


    Figure 1. Sample spammed message.

    The email message gives details on the supposed phishing attack and adds that the US Treasury Department has also monitored a high level of illegal wire transfers. Having told recipients that, the email message then informs them of restrictions imposed on federal wire transfers as part of security measures being taken by concerned government agencies.

    The message helpfully gives some links where users can get more detailed information. But instead of being directed to a legitimate website, those who click are led to .org domains with names completely different from the websites of the Federal Reserve Bank, the Treasury Department, or the Federal Deposit Insurance Corporation.

    Trend Micro engineers are currently investigating this threat. We will post updates as soon as more information becomes available. Other related attacks that use the names of legitimate government organizations or mask themselves as security measures include the following:

    Users are advised to refrain from clicking links in unsolicited email messages. It is best to go directly to the website of the concerned organization for more information.

    Updates as of November 11, 2008 6PM PST: Users who unfortunately click on the links in the spam infect their PCs with TROJ_INJECT.DG. This Trojan restarts systems and drops TROJ_INJECT.KQ. TROJ_INJECT.KQ opens a hiddend Internet Explorer window and connects to a certain website to send and receive information.

    Updates as of November 13, 2008 2AM PST: TROJ_INJECT.KQ opens a hidden Internet Explorer window to connect to a certain website. It sends to and receives information from this site, compromising system security.





    Share this article
    Get the latest on malware protection from TrendLabs
    Email this story to a friend   Technorati   NewsVine   MySpace   Google   Live   del.icio.us   StumbleUpon




    Comments are closed.



     

    © Copyright 2013 Trend Micro Inc. All rights reserved. Legal Notice