Phishing Attacks, Malware sent to businesses
Originally posted to wibc.com on 01/16/2012
Beware of Phishing Attack
A recent aggressive phishing attack is making the rounds in an email which appears to be from USAA, a financial services company that serves military members, their families, and veterans. The email subject begins with “Deposit Posted.” Members are asked to open a Zeus-infected attached file. Once opened, it launches a malicious virus which could provide access to personal information and may require a complete reinstall of the computer operating system. Other attacks have been directed at U.S. Military installations and defense facilities. For more information and to protect yourself, visit the APWG Consumer Advice website (http://www.antiphishing.org/consumer_recs.html), the Internet Crime Complaint Center website (http://www.ic3.gov/default.aspx), and the Wombat Securities Technologies website (http://wombatsecurity.com/antiphishingphil).
E-Mails Containing Malware Sent to Businesses Concerning Their Online Job Postings
01/19/2011—Recent FBI analysis reveals that cyber criminals engaging in ACH/wire transfer fraud have targeted businesses by responding via e-mail to employment opportunities posted online.
Recently, more than $150,000 was stolen from a U.S. business via unauthorized wire transfer as a result of an e-mail the business received that contained malware. The malware was embedded in an e-mail response to a job posting the business placed on an employment website and allowed the attacker to obtain the online banking credentials of the person who was authorized to conduct financial transactions within the company. The malicious actor changed the account settings to allow the sending of wire transfers, one to the Ukraine and two to domestic accounts. The malware was identified as a Bredolab variant, svrwsc.exe. This malware was connected to the ZeuS/Zbot Trojan, which is commonly used by cyber criminals to defraud U.S. businesses.
For more information on this type of fraud and prevention tips, please refer to the links below:
Anyone who believes they have been a target this type of attack should immediately contact their financial institutions and local FBI office and promptly report it to the IC3’s website at http://www.ic3.gov. The IC3’s complaint database links complaints together to refer them to the appropriate law enforcement agency for case consideration. The IC3 also uses complaint information to identify emerging trends and patterns.