IT administrators should be on the lookout for a new round of spam claiming to come from the Federal Reserve Bank. It tries to redirect users to a malware-serving website, the Shadowserver Foundation warned Wednesday. The volunteer watchdog said the emails contain a link to a website that attempts to load a number of exploits, including some for PDF and Flash, in the background with hopes of infecting machines with a trojan. Shadowserver listed a number of offending domains being used in the ploy. — DK
One campaign posed as an HR department mandating vaccine information, another leveraged an XSS flaw to disguise a malicious download, and a third leveraged Verizon's Vzwpix service to mass-distribute emails.