Researchers at Check Point (our parent company) recently detected evolving phishing and bot attacks. The attackers are sending phishing emails purporting to be from Citibank or Bank of America. The malicious emails contain subject lines like “Merchant Statement” and invite recipients to open an infected Microsoft Word attachment with names, such as “Statement ID 4657-345-347-0332.doc”.
Instead of a legitimate statement, the attachment contains malware that if opened, automatically executes, infects your computer, and renders it under the control of a larger bot network. The malware can open network ports, steal user credentials, such as logins and passwords, and act as a self-propagating spam bot ready to execute any new attack instructions and spread malicious emails to other targets – a unique aspect of these attacks.
These attacks are variations of a similar one that was conducted last year, and take advantage of a vulnerability in Microsoft’s Windows Common Controls as described in CVE-2012-0158. The attack can successfully infect both Windows 7 and Windows XP platforms.
Bank-related phishing e-mails remain popular. We all notice a message from our bank, and we are likely to feel a sense of urgency to click or act fast. Remember not to open attachments from unsolicited emails from your bank or other organizations. When you receive a suspicious e-mail in your inbox, always be wary, and when in doubt, use the phone and call your bank. Also, make sure your security software is running and up to date. Stay safe!
Another Round of Email Phishing Attacks: Don’t Get Hooked! - ZoneAlarm Blog