New Critical Update - Trusteer Rapport BofA Virus


This phishing email is a fake Trusteer Rapport Safeguard "critical update" with a zip attachment containing a virus.

Spoofs onlinebanking @ealerts.bankofamerica.com


Subject: New Critical Update

Valued Customer:

As part of our continued effort to enhance online banking safety,
Bank of America announced late last year that it has partnered
with Trusteer Rapport to add an additional layer of security to
our eBusiness platform and we recommend that all of our online
 banking customers install the software.

Proven Protection Against Fraud
Trusteer Rapport is an additional layer of security that provides
ongoing protection for your bank accounts from fraudulent transactions.
This software is different from other anti-virus programs and firewalls
because it secures your communication with Bank of America online
banking website, mitigates financial malware infections, and blocks
malicious attempts to access personal information and steal funds
from your account. Trusteer Rapport also communicates with Bank of
America to ensure that immediate action is taken against attempted
threats to your online accounts.

Additionally, Trusteer Rapport provides you with the following benefits:

Wire and ACH fraud prevention
Alerts to prevent phishing
Added security with no change required in user behavior

Availability
Trusteer Rapport is currently available to be installed from attached archive.

Thank you for allowing us the opportunity to provide quality security
solutions to your online banking. If you have any questions regarding this
new software, please contact our Customer Care Center .

[Picture: fake Trusteer Rapport email with virus]

Header samples:

Received: from mail.fredandfred.com [198.211.192.34]
  X-Envelope-From: alignsipf @btc-bci.com
  From: "Bank Of America" <onlinebanking @ealerts.bankofamerica.com>
  Subject: New Critical Update

Received: from 99-195-118-29.dyn.centurytel.net [99.195.118.29]
  X-Envelope-From: takeoffi08 @heinemann.com
  From: "Bank Of America" <onlinebanking @ealerts.bankofamerica.com>
  Subject: New Critical Update

Attachment example:

!Trusteer Rapport Install_6203148970668039450472761530890.zip containing Trusteer Rapport Install_(DIGIT[31]).exe with MD5 of 5aa0bd3bd921eb70660ae3a4b59e470d
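
A triage check built from the header samples and attachment name above, as an added example that is not part of the original post: it flags mail whose From claims bankofamerica.com while the envelope sender is on another domain, and attachment names of the form shown. The function names and the benign sample are assumptions made for the example.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Attachment naming from the post: "Trusteer Rapport Install_" + 31 digits,
# as a .zip wrapping an .exe; the sample name carries a leading "!".
ATTACH_RE = re.compile(r"^!?Trusteer Rapport Install_\d{31}\.(zip|exe)$", re.I)

def domain(value):
    """Lower-cased domain of an address header; tolerates the 'user @host' form."""
    addr = parseaddr(value.replace(" @", "@"))[1]
    return addr.rpartition("@")[2].lower()

def check_message(raw_headers, attachment_names=(), brand="bankofamerica.com"):
    """Return findings for one message: brand/envelope mismatch, campaign attachment."""
    msg = message_from_string(raw_headers)
    env = domain(msg.get("X-Envelope-From", ""))
    frm = domain(msg.get("From", ""))
    in_brand = lambda d: d == brand or d.endswith("." + brand)
    findings = []
    if in_brand(frm) and env and not in_brand(env):
        findings.append(f"From claims {frm}, envelope sender is {env}")
    for name in attachment_names:
        if ATTACH_RE.match(name):
            findings.append(f"campaign attachment name: {name}")
    return findings

FROM = 'From: "Bank Of America" <onlinebanking @ealerts.bankofamerica.com>\n'
# Header samples as listed in the post.
HEADERS_1 = ("Received: from mail.fredandfred.com [198.211.192.34]\n"
             "X-Envelope-From: alignsipf @btc-bci.com\n" + FROM +
             "Subject: New Critical Update\n")
HEADERS_2 = ("Received: from 99-195-118-29.dyn.centurytel.net [99.195.118.29]\n"
             "X-Envelope-From: takeoffi08 @heinemann.com\n" + FROM +
             "Subject: New Critical Update\n")
# Constructed benign case: the envelope address is made up for this example.
BENIGN = ("X-Envelope-From: bounce@ealerts.bankofamerica.com\n" + FROM +
          "Subject: Statement ready\n")
ATTACHMENT = "!Trusteer Rapport Install_6203148970668039450472761530890.zip"

if __name__ == "__main__":
    for label, hdrs, atts in (("sample 1", HEADERS_1, [ATTACHMENT]),
                              ("sample 2", HEADERS_2, [ATTACHMENT]),
                              ("benign", BENIGN, ["statement.pdf"])):
        print(label, check_message(hdrs, atts))
```

X-Envelope-From is added by some receiving servers; where it is absent, Return-Path holds the envelope sender.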

VirusTotal report: here

Symantec Trojan.Gen
Malwarebytes Trojan.Agent.RVGen5
Kaspersky Trojan-PSW.Win32.Tepfer.hukv
McAfee RDN/PWS-Zbot.ate!a
Microsoft PWS:Win32/Fareit.gen!C
AVG Crypt.BSIW

 

Song playing when article was written: Hope by The Descendents.
