FDIC notification malware attack spammed out

Sophos’s worldwide network of honeytraps are intercepting a large amount of malicious email, claiming to come from the Federal Deposit Insurance Corporation (FDIC). The emails are designed to infect recipients’ computers.

Malicious FDIC notification email

Subject line:

FDIC Notification

Message body:

Dear customer,
Your account ACH and WIRE transaction have been temporarily suspended for security reasons due to the expiration of your security version. To download and install the newest installations read the document(pdf) attached below.

As soon as it is setup, you transaction abilities will be fully restored.

Best Regards, Online Security departament, Federal Deposit Insurance Corporation.

Attached to the emails is a file called FDIC_document.zip.

Sophos proactively detects the file, calling it Mal/BredoZp-B. Our advice is that you should not open the attachment as it will attempt to infect your Windows computer.

Take care folks, and remember to keep your security software up-to-date and your wits about you. You should always be suspicious of unsolicited email attachments.