FDIC notification malware attack spammed out


Sophos's worldwide network of honeytraps is intercepting a large amount of malicious email claiming to come from the Federal Deposit Insurance Corporation (FDIC). The emails are designed to infect recipients' computers.

Malicious FDIC notification email

Subject line:

FDIC Notification

Message body:

Dear customer,
Your account ACH and WIRE transaction have been temporarily suspended for security reasons due to the expiration of your security version. To download and install the newest installations read the document(pdf) attached below.

As soon as it is setup, you transaction abilities will be fully restored.

Best Regards, Online Security departament, Federal Deposit Insurance Corporation.

Attached to the emails is a file called FDIC_document.zip.

Sophos proactively detects the file, calling it Mal/BredoZp-B. Our advice is that you should not open the attachment as it will attempt to infect your Windows computer.

Take care folks, and remember to keep your security software up-to-date and your wits about you. You should always be suspicious of unsolicited email attachments.
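For mail administrators, a check of the kind a gateway filter can apply to messages like this one: open every ZIP attachment and flag members that Windows would execute. This is an added example, not code from the original post or from Sophos; the function names, the extension list and the sample message are assumptions constructed for illustration.

```python
import email
import io
import os
import zipfile
from email import policy
from email.message import EmailMessage

# Extensions Windows runs on double-click (illustrative list, not exhaustive).
EXECUTABLE_EXTS = {".exe", ".scr", ".pif", ".com", ".bat", ".cmd", ".js", ".vbs"}

def risky_zip_members(raw_message: bytes):
    """Return (attachment, member, reason) for each suspicious entry in ZIP attachments."""
    msg = email.message_from_bytes(raw_message, policy=policy.default)
    findings = []
    for part in msg.walk():
        if part.is_multipart():
            continue
        payload = part.get_payload(decode=True) or b""
        if not payload.startswith(b"PK"):   # judge by content, not filename or MIME type
            continue
        name = part.get_filename()
        try:
            archive = zipfile.ZipFile(io.BytesIO(payload))
        except zipfile.BadZipFile:
            findings.append((name, None, "unreadable zip"))
            continue
        for info in archive.infolist():
            ext = os.path.splitext(info.filename.lower())[1]
            if info.flag_bits & 0x1:        # encrypted: contents cannot be inspected
                findings.append((name, info.filename, "encrypted member"))
            elif ext in EXECUTABLE_EXTS:
                findings.append((name, info.filename, "executable extension"))
            elif archive.open(info).read(2) == b"MZ":   # PE file under another extension
                findings.append((name, info.filename, "PE header"))
    return findings

def build_sample(member: str, data: bytes) -> bytes:
    """Constructed test message: inert bytes zipped and attached, no real malware."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as z:
        z.writestr(member, data)
    m = EmailMessage()
    m["Subject"] = "FDIC Notification"
    m.set_content("constructed sample body")
    m.add_attachment(buf.getvalue(), maintype="application", subtype="zip",
                     filename="FDIC_document.zip")
    return m.as_bytes()

if __name__ == "__main__":
    print(risky_zip_members(build_sample("FDIC_Document.exe", b"MZ" + b"\x00" * 62)))
```

The check reads only the first two bytes of each member, so a heavily compressed archive is never fully expanded during inspection.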


5 Responses to FDIC notification malware attack spammed out

  1. Sreekar Saha says:

    What about those who use web-based email like gmail or hotmail in their browsers?

  2. GordoK says:

    Bad grammar, punctuation, spelling are regular clues to bogus stuff like this. In this instance,

    "you transaction abilities" as opposed to "YOUR transaction abilities".

    "As soon as it is setup" as opposed to "set up".

    "Online Security departament" as opposed to "Online Security DeparTMENT".

  3. Keonyn says:

    Just got one of these, seemed like a pretty obvious malware attempt. They also apparently forgot to even attach the attachment to the e-mail; so double-fail on their part.

  4. Maybray Digital says:

    Good tip GordoK. Thanks.

  5. waydaws says:

    The attachment contained FDIC_Document.exe which was some kind of Trojan downloader. Was there any followup analysis of what it downloaded?


About the author

Graham Cluley is senior technology consultant at Sophos. The readers of Computer Weekly voted him security blogger of the year in 2009 and 2010, and he pipped Stephen Fry to the title of "Twitter user of the year" too. Which was nice. He was also named "Best Security Blogger" by the readers of SC Magazine in 2011. You can subscribe to Graham's updates on Facebook, follow him on Twitter and circle him on Google Plus for regular updates.