Webroot Threat Advisory: Phony Warnings from the Federal Reserve Bank Aim to Swindle Americans

Boulder, CO – February 3, 2009

Webroot, a leading security provider for the consumer, enterprise and SMB markets, has detected a phishing scam exploiting the names of the Federal Reserve Bank and other federal entities to fool consumers into clicking Web links that infect their PCs with spyware.

A phony e-mail from the Federal Reserve Bank warns of a "large-scale phishing attack" on banks and credit unions that took place January 21. A link to "more detailed information about affected banks and U.S. Treasury restrictions" leads to a fake Web site that infects victims' computers with malware designed to harvest their Web site and POP3 e-mail account usernames and passwords.

Webroot has identified the malware as Trojan-Backdoor-Graypigeon deploying malware via drive-by download. The cyber criminals behind the scam have recycled the e-mail message a number of times; the FDIC reported a previous version of the e-mail January 20. But the domains linked in the message continually change and suggest the message's origin may be legitimate. All point to one PC on China Railcom's IP address space that was hijacked to carry out the phishing attacks.

"Webroot has uncovered a new twist on phishing for financial gain," said Mike Kronenberg, chief technology officer, Consumer Business, Webroot. "In this case, phishers are capitalizing on widespread concern over the current state of the U.S. finance industry. Over 3.5 million Americans fell victim to phishing in 2007 according to recent research, and we can expect scammers to continue launching attacks against unsuspecting people. PC users should protect themselves by always avoiding unfamiliar URLs and questionable e-mails, and by having proven antispyware, antivirus and firewall software in place."

The malware and some of the domains identified as part of this scam are now blocked by Webroot® Internet Security Essentials.


©2014 Webroot Inc. All rights reserved. Webroot, SecureAnywhere, and Webroot SecureAnywhere are trademarks or registered trademarks of Webroot Inc. in the United States and other countries.

ACERCA DE WEBROOT

Webroot® is the market leader in cloud delivered security software as a service (SaaS) solutions for consumers, businesses and enterprises. We have revolutionized Internet security to protect all the ways you connect online. Webroot delivers real-time advanced internet threat protection to customers through its BrightCloud® security intelligence platform, and its SecureAnywhere™ suite of cloud-based security products for endpoints, mobile devices and corporate networks. Webroot protege a más de 7 millones de consumidores, 1.5 millones de usuarios empresariales y 1.3 millones de usuarios de dispositivos móviles. Market leading security companies, including Cisco, F5, gateprotect, Palo Alto Networks, RSA, SOTI, Telenor, and others choose Webroot to provide advanced Internet threat protection for their products and services. Webroot, fundado en 1997 y con sede en Colorado, es la mayor compañía privada de seguridad en Internet de los Estados Unidos, la cual opera globalmente en América del Norte, Europa y la región del Asia Pacífico. For more information on our products and services, visit www.webroot.com.