
Citibank Paymentech Electronic Merchant Billing Statement Spam Infects Users with ZBot

Loredana BOTEZATU

May 07, 2013


A new spammed malware campaign targets Citibank Paymentech clients to collect passwords and open backdoors that let remote attackers use compromised systems at will.

This new campaign consists of random e-mails allegedly sent by a Citibank billing department. The messages carry an archive attachment that hides a malicious executable file.

In the body of the message, scammers ask recipients to avoid sending a direct reply and to look instead for contact details in the attached Statement ID (plus a string of random numbers).

Instead of a billing statement, the attachment contains one of the numerous variants of the Zbot malware ready to disable the system’s firewall, snatch passwords and open backdoors so remote attackers can reach and control the compromised machines and download further malware.
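A mail gateway or triage script can catch this delivery pattern by looking inside archive attachments for executables. The following is an added example, not code from Bitdefender or from the article; the sample message, addresses and file names are constructed, and the "executable" is a harmless stub that only carries the `MZ` magic bytes.

```python
import email
import io
import zipfile
from email.message import EmailMessage

EXEC_EXTS = (".exe", ".scr", ".pif", ".com")  # assumed extension blocklist

def build_sample() -> bytes:
    """Constructed message: a zip attachment whose member starts with 'MZ'."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("Statement ID 0000000.pdf.exe", b"MZ" + b"\x00" * 62)
        zf.writestr("readme.txt", b"constructed sample")
    msg = EmailMessage()
    msg["From"] = "billing@example.com"
    msg["To"] = "user@example.com"
    msg["Subject"] = "Electronic Merchant Billing Statement"
    msg.set_content("Please do not reply to this message.")
    msg.add_attachment(buf.getvalue(), maintype="application",
                       subtype="zip", filename="Statement ID 0000000.zip")
    return msg.as_bytes()

def suspicious_members(raw: bytes) -> list:
    """Return (attachment, member, reason) for risky members of zip attachments."""
    findings = []
    for part in email.message_from_bytes(raw).walk():
        payload = part.get_payload(decode=True)  # None for multipart containers
        if not payload or not zipfile.is_zipfile(io.BytesIO(payload)):
            continue
        name = part.get_filename()
        with zipfile.ZipFile(io.BytesIO(payload)) as zf:
            for info in zf.infolist():
                if info.flag_bits & 0x1:  # encrypted: content cannot be inspected
                    findings.append((name, info.filename, "encrypted member"))
                    continue
                with zf.open(info) as fh:
                    head = fh.read(2)
                if head == b"MZ":  # Windows PE files begin with these bytes
                    findings.append((name, info.filename, "PE header"))
                elif info.filename.lower().endswith(EXEC_EXTS):
                    findings.append((name, info.filename, "executable extension"))
    return findings

if __name__ == "__main__":
    for finding in suspicious_members(build_sample()):
        print(finding)
```

Checking the first bytes of each member rather than its name means a renamed or double-extension file is still flagged.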

Bitdefender detects the attachment as Trojan.GenericKD.973769 and protects its customers from the menace.

Hoax Slayer reported a similar attack against Citi customers.

It has been barely three months since the last spam campaign targeting Citi customers for sensitive data, which sent people “You have received a secure message” e-mails carrying a dangerous securedoc.zip attachment.

The e-mail message in the current campaign is sloppy and messy, which should give even the untrained eye a sense of distrust and discourage readers from opening the malicious attachment.

All product and company names mentioned herein are for identification purposes only and are the property of, and may be trademarks of, their respective owners.

This article is based on the spam samples provided courtesy of Daniel ICHIM, Bitdefender Spam Researcher.

Author


Loredana BOTEZATU

A blend of product manager and journalist with a pinch of e-threat analysis, Loredana writes mostly about malware and spam. She believes that most errors happen between the keyboard and the chair.
