Threat Advisory Warnings From Federal Reserve Bank | Threat Research

BOULDER, CO - February 3, 2009

Webroot, a leading security provider for the consumer, enterprise and SMB markets, has detected a phishing scam exploiting the names of the Federal Reserve Bank and other federal entities to fool consumers into clicking Web links that infect their PCs with spyware.

A phony e-mail from the Federal Reserve Bank warns of a "large-scale phishing attack" on banks and credit unions that took place January 21. A link to "more detailed information about affected banks and U.S. Treasury restrictions" leads to a fake Web site that infects victims' computers with malware designed to harvest their Web site and POP3 e-mail account usernames and passwords.

Webroot has identified the malware as Trojan-Backdoor-Graypigeon, delivered via drive-by download. The cyber criminals behind the scam have recycled the e-mail message a number of times; the FDIC reported a previous version of the e-mail January 20. But the domains linked in the message change continually and suggest that the message's origin may be legitimate. All point to one PC in China Railcom's IP address space that was hijacked to carry out the phishing attacks.

"Webroot has uncovered a new twist on phishing for financial gain," said Mike Kronenberg, chief technology officer, Consumer Business, Webroot. "In this case, phishers are capitalizing on widespread concern over the current state of the U.S. finance industry. Over 3.5 million Americans fell victim to phishing in 2007 according to recent research, and we can expect scammers to continue launching attacks against unsuspecting people. PC users should protect themselves by always avoiding unfamiliar URLs and questionable e-mails, and by having proven antispyware, antivirus and firewall software in place."

The malware and some of the domains identified as part of this scam are now blocked by Webroot® Internet Security Essentials.

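About Webroot

Webroot is a provider of Smarter Cybersecurity solutions. It delivers security for the Internet of Things (IoT) through intelligent endpoint protection and threat intelligence services. Using a cloud-based, predictive, comprehensive threat intelligence platform, it protects computers, tablets, smartphones and every other kind of device from malware and other cyberattacks. Its highly regarded SecureAnywhere intelligent endpoint protection and BrightCloud threat intelligence services protect more than tens of millions of end-user, business and enterprise devices worldwide. Webroot's technology is trusted and used in solutions from industry leaders including Cisco, F5 Networks, HP, Microsoft, Palo Alto Networks, RSA and Aruba. Headquartered in Colorado, USA, Webroot does business in North America, Europe, Asia Pacific and Japan. For more on Smarter Cybersecurity, see https://www.webroot.com/jp/ja/.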