FDIC emails regarding your business account contains the ZBot trojan


MX Lab, http://www.mxlab.eu, started to intercept a new trojan distribution campaign by email with the subject “FDIC: About your business account V3NV-9435223” – the numbers my change with each email message.

The email is send from the spoofed address “Federal Deposit Insurance Company”and has the following body:

Dear Business Customer,
We have important information about your bank.
Please refer to attached file to view information.
This includes information on the acquiring bank (if applicable), how your accounts and loans are affected, and how vendors can file claims against the receivership
FDIC USA Questions for FDIC?
Contact Us
Federal Insurance Company
� 3501 Fairfax Drive
� Arlington VA 22226
� 877-275-3342

The attached ZIP file has the name FDIC_Information_About-your-business-account-07193.zip and contains the 205 kB large file FDIC – Important Information About your business account.exe.

The trojan is known as PWS-Zbot.gen.hb (McAfee), Trojan.Zbot (Symantec), Win32.Outbreak!IK (Emsisoft).

At the time of writing, only 5 of the 43 AV engines did detect the trojan at Virus Total.

Virus Total permalink and MD5: c1e121392a4ee3a1822e944367bcd3e6.