Fake FCI Exchange report emails carry malware infection

by Graham Cluley on April 10, 2012 | 1 Comment

Filed Under: Featured, Malware, Spam

SophosLabs is intercepting a large number of malicious emails that have been spammed out across the internet.

The emails, which use a variety of subject lines, refer to selling real estate notes and claim to come from a firm called FCI Exchange.

Here's a typical example:

FCI email malware attack

Hello,

We wanted to let you know that FCI Exchange, The Nation's Leading Note
Trading Platform is searching for real estate note owners interested in selling.

For additional Information refer to attched FCI Exchange Report

Remember FCI Exchange has thousands of buyers ready to act and
there are no charges until a note is purchased. We look forward to
working with you.

Subject lines used in the malicious email campaign include:

We sell Real Estate notes
Performing Notes Wanted
RE notes wanted

Attached to the emails is a ZIP file (typically called FCI_Exchange_Report_[random number].zip) which contains a malicious file designed to infect Windows computers.

Sophos security products are being updated to detect the malware as Troj/Dorkbot-BL (the emails are already being intercepted as spam).

Please remember to keep your wits about you, and never open unsolicited email attachments - it could be designed to infect your computer.

Tags: , , ,

One Response to Fake FCI Exchange report emails carry malware infection

  1. bob says:
    April 13, 2012 at 6:44 pm

    Something new today on wifes email went out to her address book, simply says 'Hi' on subject. She received no address daemons back-maybe erases addresses? Don't know yet, her cousin called to warn from Florida, who unfortunately opened it which says something about working from home. 10:30 Pacific Time

    Reply Report comment

Leave a Reply

Your email address will not be published. Required fields are marked *

*

You may use these HTML tags and attributes: <a href="" title="" rel=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <pre> <q cite=""> <strike> <strong>

About the author

Graham Cluley has worked in the computer security industry for more than 20 years, developing anti-virus software and doing quite a lot of talking about internet threats. He's won awards for his blogging, but is proudest of the text adventure games he wrote when he was still wearing short trousers. You can learn more about those (the games, not the trousers) at grahamcluley.com. Send Graham an email, subscribe to his updates on Facebook, follow him on Twitter and App.net, and circle him on Google Plus for regular updates.