Webroot, a leading security provider for the consumer, enterprise and SMB markets, has detected a phishing scam exploiting the names of the Federal Reserve Bank and other federal entities to fool consumers into clicking Web links that infect their PCs with spyware.
A phony e-mail from the Federal Reserve Bank warns of a "large-scale phishing attack" on banks and credit unions that took place January 21. A link to "more detailed information about affected banks and U.S. Treasury restrictions" leads to a fake Web site that infects victims' computers with malware designed to harvest their Web site and POP3 e-mail account usernames and passwords.
Webroot has identified the malware as Trojan-Backdoor-Graypigeon deploying malware via drive-by download. The cyber criminals behind the scam have recycled the e-mail message a number of times; the FDIC reported a previous version of the e-mail January 20. But the domains linked in the message continually change and suggest the message’s origin may be legitimate. All point to one PC on China Railcom’s IP address space that was hijacked to carry out the phishing attacks.
"Webroot has uncovered a new twist on phishing for financial gain," said Mike Kronenberg, chief technology officer, Consumer Business, Webroot. "In this case, phishers are capitalizing on widespread concern over the current state of the U.S. finance industry. Over 3.5 million Americans fell victim to phishing in 2007 according to recent research, and we can expect scammers to continue launching attacks against unsuspecting people. PC users should protect themselves by always avoiding unfamiliar URLs and questionable e-mails, and by having proven antispyware, antivirus and firewall software in place."
The malware and some of the domains identified as part of this scam are now blocked by Webroot® Internet Security Essentials.