Last visit was: Fri Jul 04, 2014 9:31 pm
It is currently Fri Jul 04, 2014 9:31 pm

Federal Reserve Spam


All times are UTC - 5 hours [ DST ]


 [ 5 posts ] 
Author Message
 PostPosted: Thu Mar 17, 2011 10:59 pm   
Getting started
User avatar

Joined: Thu Jun 17, 2010 5:37 pm
Posts: 18
There has been a fairly well documented recent batch of Federal Reserve spam/phish being sent out. As documented here: http://garwarner.blogspot.com/2011/03/federal-reserve-spam.html

I never found an active domain while it was going on (GoDaddy did a nice job of cleaning the malicious domains), but from what I understand it was dropping some banking trojans. Does anyone happen to know which trojan specifically it was dropping? Or does anyone happen to have a copy of the malware, unfortunately I find myself needing to dig into this specific incident.

Thanks,
Helly


Top
 Profile  
 PostPosted: Fri Mar 18, 2011 12:17 am   
Spam Muncher
User avatar

Joined: Thu Dec 25, 2008 8:39 pm
Posts: 786
From the previous incident of this type "Nacha":
[url] http://www.computersecurityarticles.inf ... d-to-zeus/
[/url]

_________________
Verloren ist nur, wer sich selbst aufgibt!


Top
 Profile  
 PostPosted: Fri Mar 18, 2011 12:42 am   
Spammer Killing Machine
User avatar

Joined: Sun Jun 13, 2010 5:22 pm
Posts: 528
(I deleted my remark because I decided that it was irrelevant to this thread. It is errie to see "Entireweb [spider] browsing this forum" as I edit.)


Top
 Profile  
 PostPosted: Fri Mar 18, 2011 1:23 am   
You are kiillllling-a my bizinisss!
User avatar

Joined: Thu Mar 01, 2007 3:01 am
Posts: 5915
NotBuyingIt wrote:
It is errie to see "Entireweb [spider] browsing this forum" as I edit.)


Yeah, since we realized we could add additional user agents besides Yahoo and Google, it's pretty amazing how many of our guests are actually bots. I didn't realize Alexa = Internet Wayback Machine, either.


Top
 Profile  
 PostPosted: Mon Apr 25, 2011 7:32 pm   
New member
User avatar

Joined: Fri Nov 19, 2010 10:42 pm
Posts: 1
these attacks continue unbated. the most recent occurred on 2011-04-22 and spoofed NACHA.

the attacks all follow the same patterns and all drop Zeus 2.1.


Top
 Profile  
 [ 5 posts ] 

All times are UTC - 5 hours [ DST ]


Who is online

Users browsing this forum: Wayback machine and 0 guests


You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot post attachments in this forum

Jump to:  


Powered by phpBB © 2000, 2002, 2005, 2007 phpBB Group
Style originally created by Volize © 2003 • Redesigned SkyLine by MartectX © 2008