Malicious Attacks on Depositors Via Phony FDIC Warnings

This has been a season of malicious attacks, starting last month when we informed users about an increase in spam containing malware. Coincidentally, we are seeing different methods of luring or scaring recipients to download malicious programs. In the past few weeks we reported spam attacks with malicious links that included MJ’s leaked song spam attack and the hunting the airplane game. In this recently monitored attack, we observed a typical phishing email that encourages users to click and download executable files.
Sample image of the message:

As shown in the above image, a fake FDIC alert warns users of a bank failure. This message tries to convince users to visit the official FDIC website and check their deposit insurance coverage. Malware campaigners have provided steps in the message to be performed by the recipients to rectify the situation. First to click the URL provided in the message, and then download and open their personal insurance file from the malicious website. It is quite obvious that the downloadable file is unsafe and should not be executed.

Subject lines used in this spam campaign are as follows:
you need to check your Bank Deposit Insurance Coverage
FDIC alert: check your Bank Deposit Insurance Coverage
FDIC has officially named your bank a failed bank
Sample Image of the malicious website:

This (continue reading...)