Deconstructing the Fake FTC Email Virus Attack

A targeted email virus disguised as an identity theft inquiry from the Federal Trade Commission appears to have successfully compromised more than 500 PCs, including victims at banks, real estate brokerages, law firms and marketing companies.

Each of the victims received the invitation to open the virus-infected attachment via an e-mail that addressed the recipient by name, and in some cases included the name of the recipient's employer. Security Fix was able to gain access to one of several Internet addresses where data stolen from victims' PCs was uploaded by the virus. The link did not require a user name or password. There are several security outfits working to get the site taken down, but the longer it stays live there is the potential that the sensitive information could be obtained by more criminals. Deconstructing the Fake FTC E-mail Virus Attack - Security Fix

Linked by shanmuga Tuesday, 6th November 2007 12:44AM