Bank of America Phish

Discussion in 'malware problems & news' started by herbalist, Feb 4, 2008.

Thread Status:
Not open for further replies.
  1. herbalist

    herbalist Guest

    A slightly different twist on the usual Phish.
    Digital Certificate Update Site.
    BOA phish w-malware.gif
    VirusTotal scan of certificate install program.

    ~virus total results removed per announcement~

    Rick
     
    Last edited by a moderator: Feb 4, 2008
  2. herbalist

    herbalist Guest

    My apologies. I wasn't trying to compare products.

    The VirusTotal scan was included to show that only 6 of the 32 scanners detected the malware in that file. At Jotti, only one scanner found malware, and that was a heuristic detection.
    Rick
     
  3. ccsito

    ccsito Registered Member

    Joined: Jul 27, 2006
    Posts: 1,579
    Location: Nation's Capital
    Never heard of Bank Of America Direct. It is "obligatory to all Bank of America Direct customers"? LOL If so, then cancel my subscription. ;)
     
  4. AKAJohnDoe

    AKAJohnDoe Registered Member

    Joined: Sep 26, 2007
    Posts: 989
    Location: 127.0.0.1
    A possible acronym for Bank of America Direct could be BAD. ;)
     
  5. cortez

    cortez Registered Member

    Joined: Nov 19, 2006
    Posts: 444
    Location: Chicago
    I called the Bank of America about a similar scam involving their institution and the operator seemed indifferent/nonplussed and suggested not to cash the small "free" check as it would incur a charge since it was bogus.

    It seems that they are quite used to scams and have become jaded.
     
  6. ccsito

    ccsito Registered Member

    Joined: Jul 27, 2006
    Posts: 1,579
    Location: Nation's Capital
    I received a spam message yesterday that is almost the same as the one noted above, except that it said that I had to install the digital certificate file or my access to Bank of America would continue to be interrupted. Of course, I went to the website and my access was NOT interrupted. :p :rolleyes:
     
  7. herbalist

    herbalist Guest

    When I submitted the file to VirusTotal and Jotti on the 4th, most all of the detections were heuristic. When I tried to add it to my collection, I had to name the folder, "Unknown malware". None of them had given it a name.

    Today I had them scan the file again.
    The detection rate is still under 50%, 4 days later :ouch: So much for AVs and hourly updating.

    The most common names being used are:
    Trojan.Win32.Agent.exm
    W32/Banload.XUQ
    W32/NewMalware-Rootkit-PX-based!Maximus

    Rick
     