Content

Bank spammers try to catch U.K. napping

More than 2.4 million emails containing the trojan-downloader Win32.small.cfg were sent to U.K. businesses late Sunday night before the anti-virus community could react, an IT security firm warned today.

According to managed security provider BlackSpider Technologies, the trojan was spammed at 9 p.m. London time on Thursday and was specifically designed to exploit the longest possible window of exposure between its release and the first anti-virus vendors issuing a patch. The virus stopped shortly after Symantec issued a patch at 10:45 a.m. on the morning of Jan. 27.

The subject line of the virus is: YOUR BILL PAYMENT NOT APPROVED!

The body of the text reads:

Dear client!

We are unable to obtain the bill payment from your bank account. Your bank returned the following error to us:

BILL PAYMENT NOT APPROVED

BILL #5563880

 

Billed To:

PBS (Payroll and Business Service) Ltd

3 Castle Quay

Castle Boulevard

Nottingham

NG7 1FW

United Kingdom

Order Number: 1104102

Receipt Date: 24/01/06

Total Amount: GBP 755.00

We recently received a report of e-banking use associated with this account. As a precaution, we have limited access to your account in order to protect against future unauthorized transactions.You can check your transaction details in attachment.

Case ID Number: BILL#5563880

 

Please understand that this is a security measure intended to help protect you and your account.

We apologize for any inconvenience this may cause.

Thank You,

PBS LTD.

The attachment is a packed FSG executable called BILL#5563880.

James Kay, chief technology officer, BlackSpider Technologies, warned: "This trojan was successful in achieving what appears to be its main purpose – to reach as many inboxes as possible before the anti-virus industry could react."

"Last year we saw many attempts to infect PCs during the window of exposure and that trend looks set to continue in 2006," he said. "Businesses that are not using proactive intelligent threat-prevention technology to tackle new viruses are leaving themselves at serious risk from infection, as today's outbreak shows."

Related

DevSecOps Scanning Challenges & Tips

There are many ways to do DevSecOps, and each organization — each security team, even — uses a different approach. Questions such as how many environments you have and the frequency of deployment of those environments are important in understanding how to integrate a security scanner into your DevSecOps machinery. The ultimate goal is speed […]

It Should Be ‘Cybersecurity Culture Month’

It’s Cybersecurity Awareness Month, but security awareness is about much more than just dedicating a month to a few activities. Security awareness is a journey, requiring motivation along the way. And culture. Especially culture.That’s the point Proofpoint Cybersecurity Evangelist Brian Reed drove home in a recent appearance on Business Security Weekly.“If your security awareness program […]

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms and Conditions and Privacy Policy.