Federal Reserve Spam

A place to discuss malware of every flavor, e.g. Storm, Waledac, Conficker and Zeus

Federal Reserve Spam

Postby hellkyng » Thu Mar 17, 2011 10:59 pm

There has been a fairly well documented recent batch of Federal Reserve spam/phish being sent out. As documented here: http://garwarner.blogspot.com/2011/03/federal-reserve-spam.html

I never found an active domain while it was going on (GoDaddy did a nice job of cleaning the malicious domains), but from what I understand it was dropping some banking trojans. Does anyone happen to know which trojan specifically it was dropping? Or does anyone happen to have a copy of the malware, unfortunately I find myself needing to dig into this specific incident.

Thanks,
Helly
hellkyng
Getting started
 
Posts: 18
Joined: Thu Jun 17, 2010 5:37 pm

Re: Federal Reserve Spam

Postby Volksjaeger » Fri Mar 18, 2011 12:17 am

From the previous incident of this type "Nacha":
[url] http://www.computersecurityarticles.inf ... d-to-zeus/
[/url]
Verloren ist nur, wer sich selbst aufgibt!
User avatar
Volksjaeger
Spam Muncher
 
Posts: 787
Joined: Thu Dec 25, 2008 8:39 pm

Re: Federal Reserve Spam

Postby NotBuyingIt » Fri Mar 18, 2011 12:42 am

(I deleted my remark because I decided that it was irrelevant to this thread. It is errie to see "Entireweb [spider] browsing this forum" as I edit.)
NotBuyingIt
Spammer Killing Machine
 
Posts: 607
Joined: Sun Jun 13, 2010 5:22 pm

Re: Federal Reserve Spam

Postby AlphaCentauri » Fri Mar 18, 2011 1:23 am

NotBuyingIt wrote: It is errie to see "Entireweb [spider] browsing this forum" as I edit.)


Yeah, since we realized we could add additional user agents besides Yahoo and Google, it's pretty amazing how many of our guests are actually bots. I didn't realize Alexa = Internet Wayback Machine, either.
User avatar
AlphaCentauri
You are kiillllling-a my bizinisss!
 
Posts: 5989
Joined: Thu Mar 01, 2007 3:01 am

Re: Federal Reserve Spam

Postby moranned » Mon Apr 25, 2011 7:32 pm

these attacks continue unbated. the most recent occurred on 2011-04-22 and spoofed NACHA.

the attacks all follow the same patterns and all drop Zeus 2.1.
moranned
New member
 
Posts: 1
Joined: Fri Nov 19, 2010 10:42 pm


Return to Malware

Who is online

Users browsing this forum: No registered users and 1 guest