Webroot Threat Advisory: Phony Warnings from the Federal Reserve Bank Aim to Swindle Americans
Boulder, Colo., February 03, 2009
Webroot, a leading security provider for the consumer, enterprise and SMB markets, has detected a phishing scam exploiting the names of the Federal Reserve Bank and other federal entities to fool consumers into clicking Web links that infect their PCs with spyware.
A phony e-mail from the Federal Reserve Bank warns of a "large-scale phishing attack" on banks and credit unions that took place January 21. A link to "more detailed information about affected banks and U.S. Treasury restrictions" leads to a fake Web site that infects victims' computers with malware designed to harvest their Web site and POP3 e-mail account usernames and passwords.
Webroot has identified the malware as Trojan-Backdoor-Graypigeon deploying malware via drive-by download. The cyber criminals behind the scam have recycled the e-mail message a number of times; the FDIC reported a previous version of the e-mail January 20. But the domains linked in the message continually change and suggest the message’s origin may be legitimate. All point to one PC on China Railcom’s IP address space that was hijacked to carry out the phishing attacks.
"Webroot has uncovered a new twist on phishing for financial gain," said Mike Kronenberg, chief technology officer, Consumer Business, Webroot. "In this case, phishers are capitalizing on widespread concern over the current state of the U.S. finance industry. Over 3.5 million Americans fell victim to phishing in 2007 according to recent research, and we can expect scammers to continue launching attacks against unsuspecting people. PC users should protect themselves by always avoiding unfamiliar URLs and questionable e-mails, and by having proven antispyware, antivirus and firewall software in place."
The malware and some of the domains identified as part of this scam are now blocked by Webroot® Internet Security Essentials.
For tips from Webroot about protection against phishing and other Internet security threats, please visit the Webroot Security Center.
ABOUT WEBROOT
Webroot is bringing the power of software-as-a-service (SaaS) to Internet security with its suite of Webroot® SecureAnywhere™ offerings for consumers and businesses. Webroot also offers security intelligence solutions to organizations focused on cyber-security, such as Palo Alto Networks, F5, Corero, Juniper, and others. Founded in 1997 and headquartered in Colorado, Webroot is the largest privately held Internet security organization based in the United States. For more information, visit http://www.webroot.com or call 800.772.9383. Read the Webroot Threat Blog: http://blog.webroot.com. Follow Webroot on Twitter: http://twitter.com/webroot.
©2013 Webroot Inc. All rights reserved. Webroot, SecureAnywhere, and Webroot SecureAnywhere are trademarks or registered trademarks of Webroot Inc. in the United States and other countries.
Copyright 2004 - 2013 Webroot Inc.