Bank of America Phish

Discussion in 'malware problems & news' started by herbalist, Feb 4, 2008.

Thread Status:
Not open for further replies.
  1. herbalist

    herbalist Guest

    A slightly different twist on the usual Phish.
    Digital Certificate Update Site.
    BOA phish w-malware.gif
    VirusTotal scan of certificate install program.

    ~virus total results removed per announcement~

    Rick
     
    Last edited by a moderator: Feb 4, 2008
  2. herbalist

    herbalist Guest

    My apologies. I wasn't trying to compare products.

    The VirusTotal scan was included to show that only 6 of the 32 scanners detected the malware in that file. At Jotti, only one scanner found malware, and that was a heuristic detection.
    Rick
     
  3. ccsito

    ccsito Registered Member

    Joined:
    Jul 27, 2006
    Posts:
    1,579
    Location:
    Nation's Capital
    Never heard of Bank Of America Direct. It is "obligatory to all Bank of America Direct customers"? LOL If so, then cancel my subscription. ;)
     
  4. AKAJohnDoe

    AKAJohnDoe Registered Member

    Joined:
    Sep 26, 2007
    Posts:
    989
    Location:
    127.0.0.1
    A possible acronym for Bank of America Direct could be BAD. ;)
     
  5. cortez

    cortez Registered Member

    Joined:
    Nov 19, 2006
    Posts:
    450
    Location:
    Chicago
    I called the Bank of America about a similar scam involving their institution and the operator seemed indifferent/nonplussed and suggested not to cash the small "free" check as it would incur a charge since it was bogus.

    It seems that they are quite used to scams and have become jaded.
     
  6. ccsito

    ccsito Registered Member

    Joined:
    Jul 27, 2006
    Posts:
    1,579
    Location:
    Nation's Capital
    I received a spam message yesterday that is almost the same as the one noted above, except that it said that I had to install the digital certificate file or my access to Bank of America would continue to be interrupted. Of course, I went to the website and my access was NOT interrupted. :p :rolleyes:
     
  7. herbalist

    herbalist Guest

    When I submitted the file to VirusTotal and Jotti on the 4th, most all of the detections were heuristic. When I tried to add it to my collection, I had to name the folder, "Unknown malware". None of them had given it a name.

    Today I had them scan the file again.
    The detection rate is still under 50%, 4 days later :ouch: So much for AVs and hourly updating.

    The most common names being used are:
    Trojan.Win32.Agent.exm
    W32/Banload.XUQ
    W32/NewMalware-Rootkit-PX-based!Maximus

    Rick
     