M86 Security Labs
RSS feed of TRACElabs Blog from M86 Security

Malicious Fake ABA Websites

 

January 26, 2010

The American Bankers Association is the latest organization to be used as a lure by the Pushdo/Cutwail/Zeus gang. Today we are seeing the following spam being sent by this group:

 

 

Some of the subjects we have seen are:

An unauthorized transaction billed from your bank account

An unauthorized transaction billed to your bank card

unauthorized transaction

unauthorized transaction billed from your bank card

The link is to http://getreport.aba.com.[random-looking domain]/ABAservices/reportgeneration.php, which goes to this website:

 

 

As with previous campaigns by this group, an IFrame on this page delivers exploits from the FSPACK exploit kit. When we visited this page in our lab using the Firefox browser, we were prompted to download a PDF file. Had we opened this file with a vulnerable version of Adobe Reader, our test machine would have been infected with Zeus. FSPACK also exploits several vulnerabilities in Internet Explorer and Adobe Flash.

Clicking on 'Generate Transaction Report' prompts you to download the file transactionreport.exe. This is the Zeus/Zbot Trojan horse.
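The lure URL quoted above puts the real ABA hostname in front of an attacker-controlled domain. A defender-side check for that pattern follows, as an added example that is not part of the original post; the protected-domain list, function names and sample message are constructed for illustration.

```python
import re
from urllib.parse import urlsplit

# Assumption: brand domains the mail gateway wants to protect.
PROTECTED = ("aba.com",)
# Path from the lure URL quoted in the post.
LURE_PATH = "/ABAservices/reportgeneration.php"
URL_RE = re.compile(r"https?://[^\s<>\"']+", re.I)

# Constructed sample message; ".example" is a reserved TLD.
SAMPLE = """Subject: unauthorized transaction
Report: http://getreport.aba.com.xkqzvtr.example/ABAservices/reportgeneration.php
Real site: https://www.aba.com/
"""


def _labels(name):
    return name.lower().rstrip(".").split(".")


def classify_host(host, protected=PROTECTED):
    """Return ('legit' | 'lookalike' | 'unrelated', brand or None)."""
    h = _labels(host)
    for brand in protected:
        b = _labels(brand)
        if h[-len(b):] == b:
            return "legit", brand  # name really ends in the brand domain
        # Brand labels sit inside the name but something else owns it.
        for i in range(len(h) - len(b)):
            if h[i:i + len(b)] == b:
                return "lookalike", brand
    return "unrelated", None


def scan_message(text):
    """Return (url, brand, path_is_known_lure) for each lookalike link."""
    hits = []
    for raw in URL_RE.findall(text):
        parts = urlsplit(raw.rstrip(".,)"))
        if not parts.hostname:
            continue
        verdict, brand = classify_host(parts.hostname)
        if verdict == "lookalike":
            known = parts.path.lower() == LURE_PATH.lower()
            hits.append((parts.geturl(), brand, known))
    return hits


if __name__ == "__main__":
    for hit in scan_message(SAMPLE):
        print(hit)
```

Matching is done label by label, so a name such as notaba.com is not flagged, while any hostname that merely embeds aba.com ahead of a different parent domain is.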


© M86 Security

Last Reviewed: January 26, 2010 by Gavin Neale