Thursday 15 December 2011

FDIC spam / sownload.zapto.org and 63.223.78.19

The spam tsunami continues today with a set of new malware URLs to block. This one allegedly comes from the FDIC in the US.

Date:      Fri, 16 Dec 2011 04:12:15 +0400
From:      "Freeman Ballard" [Freeman.Ballard@campioni.info]
Subject:      URGENT! Security system updates

Dear Sirs,

In order to prevent new cases of wire fraud, we have introduced a new security system. In this connection all the account transactions of our customers have been suspended unless the special security requirements are met.. In order to rehabilitate your account, you need to

Install a special security software. Please use the link below to read the instructions for the installation of the latest security version.

We apologize for the inconveniences caused to you by this measure.
Please do not hesitate to contact us if you have any questions.

Sincerely yours,

FDIC Call Center 1-877-275-3342 (1-877-ASKFDIC)
or Email Address: consumer-service@fdic.gov
8:00 am - 8:00 pm ET; Monday-Friday
9:00 am - 5:00 pm ET; Saturday-Sunday
For the Hearing Impaired Toll Free 1-800-925-4618 / Local (VA) 703-562-2289

The link goes through a hacked legitimate site and tries to direct the user to a malicious page at sownload.zapto.org/main.php?page=db3408bf080473cf hosted on 63.223.78.199 (InfraVPS Network Solutions, Philippines). Blocking the IP address is preferable because there may be other malicious domains on that server.
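
A log check for the two indicators above, added here as an example and not part of the original post. The proxy log format, the sample lines and the hostnames other-host.example and intranet.example are constructed; the point is that the IP match catches a second hostname on the same server that a domain-only rule would miss.

```python
import ipaddress
from urllib.parse import urlsplit

# Indicators as given in the post body.
BLOCKED_IPS = {ipaddress.ip_address("63.223.78.199")}
BLOCKED_HOSTS = {"sownload.zapto.org"}

# Constructed sample proxy log: timestamp client_ip dest_ip method url
SAMPLE_LOG = """\
2011-12-16T09:01:12Z 10.0.0.21 63.223.78.199 GET http://sownload.zapto.org/main.php?page=db3408bf080473cf
2011-12-16T09:03:40Z 10.0.0.35 63.223.78.199 GET http://other-host.example/main.php
2011-12-16T09:04:02Z 10.0.0.35 192.0.2.10 GET http://intranet.example/index.html
2011-12-16T09:05:00Z 10.0.0.40 198.51.100.7 GET http://SOWNLOAD.zapto.org./main.php
malformed line
"""

def match_line(line):
    """Return (client, url, reasons) when a log line hits an indicator, else None."""
    parts = line.split()
    if len(parts) != 5:
        return None  # skip lines that do not fit the assumed format
    _ts, client, dest, _method, url = parts
    reasons = []
    try:
        if ipaddress.ip_address(dest) in BLOCKED_IPS:
            reasons.append("ip")
    except ValueError:
        return None  # destination field is not an IP address
    # .hostname is lower-cased by urlsplit; strip the trailing root dot as well
    host = (urlsplit(url).hostname or "").rstrip(".")
    if host in BLOCKED_HOSTS:
        reasons.append("host")
    return (client, url, reasons) if reasons else None

def find_hits(log_text):
    """Scan a whole log and return every line that matched by IP, host, or both."""
    hits = []
    for line in log_text.splitlines():
        hit = match_line(line)
        if hit:
            hits.append(hit)
    return hits

if __name__ == "__main__":
    for client, url, reasons in find_hits(SAMPLE_LOG):
        # Defang the URL so the report is safe to paste into a ticket
        print(client, "+".join(reasons), url.replace("http://", "hxxp://", 1))
```

The last sample line covers the reverse case, where the hostname is seen resolving to a different address, so the hostname is worth keeping on the list alongside the IP.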

1 comment:

Nicolas Krassas said...

On this spam attack the attackers seem to use stolen credentials from valid user accounts.