ABA Used as Lure in Malware Spam

The American Bankers Association is the latest group to be used by hackers to try and spread malware.

Other well-known names in the industry have been used as bait in phishing emails, including the FDIC, US Treasury, Internal Revenue Service and many financial institutions. The ABA issued an alert to its members.

The M86 Security blog first reported on Jan. 26 that the nation's largest banking association's name was being used by the Pushdo/Cutwail/Zeus gang to lure people who received emails that appeared to come from the ABA. If the person clicked on the email's embedded link, it took them to a page that appeared to be on the ABA website that says an unauthorized transaction was billed to their bank card.

"As with previous campaigns by this group, an IFrame on this page delivers exploits from the FSPACK exploit kit," M86 Security says. "When we visited this page in our lab using the Firefox browser, we were prompted to download a PDF file."

If the file was opened with a vulnerable version of Adobe Reader, M86 Security says its test machine would have been infected with Zeus. They warn that the FSPACK also exploits several vulnerabilities in Internet Explorer and Adobe Flash.

About the Author

Linda McGlasson

Linda McGlasson

Managing Editor

Linda McGlasson is a seasoned writer and editor with 20 years of experience in writing for corporations, business publications and newspapers. She has worked in the Financial Services industry for more than 12 years. Most recently Linda headed information security awareness and training and the Computer Incident Response Team for Securities Industry Automation Corporation (SIAC), a subsidiary of the NYSE Group (NYX). As part of her role she developed infosec policy, developed new awareness testing and led the company's incident response team. In the last two years she's been involved with the Financial Services Information Sharing Analysis Center (FS-ISAC), editing its quarterly member newsletter and identifying speakers for member meetings.

Around the Network

Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing bankinfosecurity.asia, you agree to our use of cookies.