FTC spam contains keylogging trojan

The Federal Trade Commission is warning businesses to be on the lookout for spam that contains a trojan-laden attachment claiming to be a legal complaint against the recipient.

The bogus emails appear to come from frauddep[at]ftc[dot]gov, a spoofed address, and contain the actual logo for the FTC in an attempt to establish legitimacy. The text says that "a complaint has been filed against you and the company you're affiliated with," a social engineering tactic used to dupe victims into opening the attachment.

"Once you open the attachment, that's when the virus is launched and that's when they can start stealing your identifying information," David Torok, a director in the FTC's Bureau of Consumer Protection, told SCMagazineUS.com today.

The attachment contains a keylogging trojan that attempts to pilfer usernames and passwords from victims' machines, he said.

The spam run began Monday and has been "pretty virulent and widespread," Torok said. Officials said they've received reports today, although they hope the campaign is short-lived.

"We've received calls from some companies where every person in the company has received a copy," he said.

Dave Marcus, security researcher and communications manager for McAfee Avert Labs, told SCMagazineUS.com that users who run up-to-date anti-virus software should not be affected.

"Password stealers are a dime a dozen," he said, meaning that most anti-virus solutions have signatures in place to defend against such variants.

He said users should also look for tell-tale signs that the email is bogus. The FTC said the spam contained numerous spelling, grammatical and syntax errors – a common indicator of an email scam.

"When you get something from the FTC, you're not going to see things written by people who are obviously not native English speakers," Marcus said.

Torok said users should not click on links or attachments coming from untrusted or unknown sources.

"Most [federal] agencies won't be contacting companies in this manner, by an email," he said. "It's best to delete it, empty your inbox and go on with your business."
