
This phishing scam email is a fake Trusteer Rapport Safeguard "critical update" with a zip attachment that contains a virus.

Spoofs onlinebanking

Subject: New Critical Update

Valued Customer:

As part of our continued effort to enhance online banking safety,
Bank of America announced late last year that it has partnered
with Trusteer Rapport to add an additional layer of security to
our eBusiness platform and we recommend that all of our online
banking customers install the software.

Proven Protection Against Fraud
Trusteer Rapport is an additional layer of security that provides
ongoing protection for your bank accounts from fraudulent transactions.
This software is different from other anti-virus programs and firewalls
because it secures your communication with Bank of America online
banking website, mitigates financial malware infections, and blocks
malicious attempts to access personal information and steal funds
from your account. Trusteer Rapport also communicates with Bank of
America to ensure that immediate action is taken against attempted
threats to your online accounts.

Additionally, Trusteer Rapport provides you with the following benefits:

Wire and ACH fraud prevention
Alerts to prevent phishing
Added security with no change required in user behavior

Trusteer Rapport is currently available to be installed from attached archive.

Thank you for allowing us the opportunity to provide quality security
solutions to your online banking. If you have any questions regarding this
new software, please contact our Customer Care Center.


Picture of fake Trusteer Rapport email with virus

Header samples:

Received: from []
  X-Envelope-From: alignsipf
  From: "Bank Of America" <onlinebanking>
  Subject: New Critical Update

Received: from []
  X-Envelope-From: takeoffi08
  From: "Bank Of America" <onlinebanking>
  Subject: New Critical Update

Attachment example:

!Trusteer Rapport containing Trusteer Rapport Install_(DIGIT[31]).exe with MD5 of 5aa0bd3bd921eb70660ae3a4b59e470d

VirusTotal report: here

Symantec: Trojan.Gen
Malwarebytes: Trojan.Agent.RVGen5
Kaspersky: Trojan-PSW.Win32.Tepfer.hukv
McAfee: RDN/PWS-Zbot.ate!a
Microsoft: PWS:Win32/Fareit.gen!C
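
A triage check built from the two traits visible in the samples above (an X-Envelope-From sender that does not match the From address, and a zip attachment holding an .exe), as an added example that is not part of the original post. The function names, the reserved example domains, the file names and the extension list are assumptions made for the illustration.

```python
import io
import zipfile
from email import message_from_bytes, policy
from email.message import EmailMessage
from email.utils import parseaddr

# Assumed list of member extensions worth flagging inside an archive.
RISKY_EXT = (".exe", ".scr", ".pif", ".com")

def triage(raw: bytes) -> list[str]:
    """Return the reasons a message resembles the sample above."""
    msg = message_from_bytes(raw, policy=policy.default)
    findings = []
    # Check 1: envelope sender differs from the address shown to the user.
    envelope = parseaddr(msg.get("X-Envelope-From", ""))[1].lower()
    shown = parseaddr(msg.get("From", ""))[1].lower()
    if envelope and shown and envelope != shown:
        findings.append("envelope-from-mismatch")
    # Check 2: zip attachment whose members include an executable.
    for part in msg.iter_attachments():
        name = (part.get_filename() or "").lower()
        if not name.endswith(".zip"):
            continue
        try:
            with zipfile.ZipFile(io.BytesIO(part.get_payload(decode=True))) as zf:
                members = zf.namelist()
        except zipfile.BadZipFile:
            findings.append("unreadable-zip")
            continue
        if any(m.lower().endswith(RISKY_EXT) for m in members):
            findings.append("executable-in-zip")
    return findings

def build_sample(envelope: str, member: str) -> bytes:
    """Constructed test message; addresses use reserved example domains."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr(member, b"placeholder bytes, not a real program")
    msg = EmailMessage()
    msg["X-Envelope-From"] = envelope
    msg["From"] = '"Bank Of America" <onlinebanking@bank.example>'
    msg["To"] = "user@corp.example"
    msg["Subject"] = "New Critical Update"
    msg.set_content("See attached archive.")
    msg.add_attachment(buf.getvalue(), maintype="application",
                       subtype="zip", filename="update.zip")
    return msg.as_bytes()
```

Either finding alone is a weak signal, since mailing-list and bulk senders often use a different envelope address; the combination with an executable inside an archive is what matches this campaign.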


Song playing when article was written: Hope by The Descendents.
