Jump to content

Trojan hides in fake Citibank e-mail


havnblast

Recommended Posts

An e-mail purporting to be from Citibank carries a Trojan virus that plants a back door on an infected computer, allowing a hacker to use the machine as a channel for other activities on the Internet.E-mail-security company MessageLabs on Wednesday afternoon reported the new e-mail virus, which has been dubbed Troj/Downloader!4c52 or Downloader-DI.The first copies of the e-mail have come from Australia, with more than 400 copies spotted so far, according to the company.The attachment is named www.citybankhomeloan.htm.pif. Once clicked, the Trojan attempts to download a further component from a free hosting website located in Russia.After activation, this Trojan copies itself to the Windows System folder and installs a .DLL file, which enables the Trojan to acts as a proxy server, allowing a hacker to channel Internet activities through the infected computer without the recipient's knowledge, according to MessageLabs.The channel between the remote computer and the infected computer is encrypted.Any activity that the hacker carries out on the Internet, if traced back, will show the address of the infected PC.The Trojan arrives as an attachment to an e-mail that seemed to have been spammed from a number of different IP addresses around the world.The attachment has a double extension ending in .htm.pif. The sender's e-mail address is forged, and does not indicate the true identity of the sender, said MessageLabs.The message contains:From: Account ManagerSubject: Re: Your credit applicationText:Dear Sir!|Thank you for your online application for a Home Equity Loan.In order to be approved for any loan application we pull your Credit Profile and Chexsystems information, which didn't satisfy our minimum needs. Consequently, we regret to say that we cannot approve you for Home Equity Loan at this time.*Attached are copy of your Credit Profile and Your Application that you submitted with us. Please take a close look at it, you will receive hard copy by mail withing [sic] next few days.
Source
Link to comment
Share on other sites

Guest LilBambi

Thanks havnblast!Did you notice that they linked to the ZDNET article here:Trojan hides in fake Citibank e-mail, where some discussion has already begun in the TalkBack section under the article:

Citibank Trojan doesn't need attachment Email can arrive with information such as "$195 has been deposited in 'your business' account by Mr.Brown. Please click the link below to check your account status." (no attachment) The link takes you to a false Citibank site where the Trojan lurks. We reported this to several authorities in both the U.S. and Canada 2-3 months ago. The authentic Citibank site carries a warning about this, thought your readers would want to know.
Edited by LilBambi
Link to comment
Share on other sites

Guest ThunderRiver

I have heard a lot of complains regarding Citibank over the years. Perhaps, that's the main reason why it has always been the primary target. I am with Comerica, and I haven't had such problem yet so far.

Link to comment
Share on other sites

I have heard a lot of complains regarding Citibank over the years. Perhaps, that's the main reason why it has always been the primary target.
They go after the most popular to get the best chance of takers. Same reason most viruses attach Windows. Complaints have nothing to do with it.
Link to comment
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
×
  • Create New...