TRENDING:

ABA Used as Lure in Malware Spam

Linda McGlassonJanuary 29, 2010     The American Bankers Association is the latest group to be used by hackers to try and spread malware.

Other well-known names in the industry have been used as bait in phishing emails, including the FDIC, US Treasury, Internal Revenue Service and many financial institutions. The ABA issued an alert to its members.

The M86 Security blog first reported on Jan. 26 that the nation's largest banking association's name was being used by the Pushdo/Cutwail/Zeus gang to lure people who received emails that appeared to come from the ABA. If the person clicked on the email's embedded link, it took them to a page that appeared to be on the ABA website that says an unauthorized transaction was billed to their bank card.

"As with previous campaigns by this group, an IFrame on this page delivers exploits from the FSPACK exploit kit," M86 Security says. "When we visited this page in our lab using the Firefox browser, we were prompted to download a PDF file."

If the file was opened with a vulnerable version of Adobe Reader, M86 Security says its test machine would have been infected with Zeus. They warn that the FSPACK also exploits several vulnerabilities in Internet Explorer and Adobe Flash.

Previous
Philly FRB: Lessons Learned from Heartland Data Breach
Next
Texas Bank Sues Customer After $800,000 Scam

About the Author

Linda McGlasson

Linda McGlasson

Managing Editor

Linda McGlasson is a seasoned writer and editor with 20 years of experience in writing for corporations, business publications and newspapers. She has worked in the Financial Services industry for more than 12 years. Most recently Linda headed information security awareness and training and the Computer Incident Response Team for Securities Industry Automation Corporation (SIAC), a subsidiary of the NYSE Group (NYX). As part of her role she developed infosec policy, developed new awareness testing and led the company's incident response team. In the last two years she's been involved with the Financial Services Information Sharing Analysis Center (FS-ISAC), editing its quarterly member newsletter and identifying speakers for member meetings.



Around the Network

Evolving Threats Facing Robotic and Other Medical Gear
Evolving Threats Facing Robotic and Other Medical Gear
Transforming a Cyber Program in the Aftermath of an Attack
Transforming a Cyber Program in the Aftermath of an Attack
Properly Vetting AI Before It's Deployed in Healthcare
Properly Vetting AI Before It's Deployed in Healthcare
Identity Security and How to Reduce Risk During M&A
Identity Security and How to Reduce Risk During M&A
Safeguarding Critical OT and IoT Gear Used in Healthcare
Safeguarding Critical OT and IoT Gear Used in Healthcare
Protecting Medical Devices Against Future Cyberthreats
Protecting Medical Devices Against Future Cyberthreats
Medical Device Cyberthreat Modeling: Top Considerations
Medical Device Cyberthreat Modeling: Top Considerations
Is It Generative AI's Fault, or Do We Blame Human Beings?
Is It Generative AI's Fault, or Do We Blame Human Beings?
How 'Security by Default' Boosts Health Sector Cybersecurity
How 'Security by Default' Boosts Health Sector Cybersecurity
How the NIST CSF 2.0 Can Help Healthcare Sector Firms
How the NIST CSF 2.0 Can Help Healthcare Sector Firms

Continue »

Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing bankinfosecurity.in, you agree to our use of cookies.