Emails with subject “FDIC: About your business account” contain new trojan
January 10, 2012
MX Lab, http://www.mxlab.eu, started to intercept a new trojan distribution campaign by email with the subject “FDIC: About your business account QHOFB1Z84963” (the combination at the end will change with each email).
The email is sent from the spoofed address “Federal Deposit Insurance Company <convened@fdic.gov>” and has the following body:
Dear Business Customer,
We have important information about your bank.
Please refer to attached file to view information.
This includes information on the acquiring bank (if applicable), how your accounts and loans are affected, and how vendors can file claims against the receivership
Tue, 9 Jan 2012 12:11:34 +0100
FDIC USA Questions for FDIC?
Contact Us
Federal Insurance Company
3501 Fairfax Drive
Arlington VA 22226
877-275-3342
The attached ZIP file has the name FDIC_Information_About-your-business-account-JAN2012-223588.zip and contains the *** kB large file FDIC_Information_About-your-business-account-Jan-2012.exe (numbers will change).
The trojan is known as PWS-Zbot.gen.ma (McAfee), Trj/Zbot.L (Panda), Mal/Zbot-EZ (Sophos) and UDS:DangerousObject.Multi.Generic (Kaspersky).
At the time of writing, only 6 of the 43 AV engines detected the trojan at VirusTotal.
VirusTotal permalink and MD5: 4d9e26f544458084261d715a44d13e03.
