August 31, 2011
Security researchers from Sophos reported a wave of malicious e-mails posing as official notifications from the Federal Deposit Insurance Corporation (FDIC) August 30. The rogue e-mails bear a subject of “FDIC notification” and have their headers spoofed to appear as originating from a firstname.lastname@example.org address.
As most spam e-mails, the body message is full of mistakes, which should serve as indication that it did not originate from a government agency. The fake emails contain an attachment named FDIC_document.zip as well as an executable file of the same name. The file has a PDF icon and since Windows 7 does not display known file extensions, it might easily trick users. The file is actually a computer Trojan that serves as a distribution platform for other malware. This means that running it will probably result in multiple infections.
Read the full story at Softpedia.com.