FDIC Spam Paves the Way for Info Stealer

Written by: Bernadette Caraig

How does this threat get into users' systems?


The threat arrives via spammed messages purporting to come from the Federal Insurance Deposit Corporation (FDIC). The email messages trick users into clicking an embedded link so they can check their Deposit Insurance Coverage.


How does this threat affect users?


Users who click the embedded URL are redirected to a site that provides a download link for the supposed official document. In reality, however, the said document is an .EXE file detected by Trend Micro as TSPY_ZBOT.AZH.


How does this threat make money for its perpetrators?


The Trojan spyware monitors bank or other financial institutions' sites from which it attempts to steal sensitive online banking information such as user names and passwords. This routine risks exposing user’s account information, which may then lead to the unauthorized use of the stolen data.


Who are at risk?


Clients of targeted online banking sites and Internet users who are not careful about providing their critical personal information are at risk.