Bank of America Military Bank Fraud

Operation e-Crime Storm

One of the most recent phishing raids complemented by a mass malware distribution campaign targets the US troopers who have deposited their money into accounts opened with Bank of America.

The unsolicited message besieges the military recipients with a notification about an important update of their accounts and asks them to follow a link leading to an alleged on-line form.

Figure 1 – The bombing phase – trying to “hook” the unwary users

However, the landing Web page does not pertain to the financial institution, but it is just an e-ambush meant to surrender soldiers’ credentials to the cybercriminals’ databases via the account.php script.

Figure 2 – The phishing ambush – stealing the login credentials

But there is more – after being villainously robbed of their login credentials, the incautious users are required to also download and install an executable of a so-called update tool, which is, in effect, just another version of the Bredolab Trojan.

Figure 3 The malware offensive – distributing Bredolab

Among other calamities, Bredolab is probably best known for two of the most disruptive effects malware can have on computer operation – installing Rogue AV and system spying.

To make sure you avoid this cybercriminal offensive, make sure you install a comprehensive security suite which provides antispam, antiphishing and antimalware protection to your system.

Safe surfing everybody!

All product and company names mentioned herein are for identification purposes only and are the property of, and may be trademarks of, their respective owners.

About the author


With a humanities passion and background (BA and MA in Comparative Literature at the Faculty of Letters, University of Bucharest) - complemented by an avid interest for the IT world and its stunning evolution, I joined in the autumn of 2003 the chief editors' team from Niculescu Publishing House, as IT&C Chief Editor, where (among many other things) I coordinated the Romanian version of the well-known SAMS Teach Yourself in 24 Hours series. In 2005 I accepted two new challenges and became Junior Lecturer at the Faculty of Letters (to quote U2 - "A Sort of Homecoming") and Lead Technical Writer at BluePhoenix Solutions.

After leaving from BluePhoenix in 2008, I rediscovered "all that technical jazz" with the E-Threat Analysis and Communication Team at BitDefender, the creator of one of the industry's fastest and most effective lines of internationally certified security software. Here I produce a wide range of IT&C security-related content, from malware, spam and phishing alerts to technical whitepapers and press releases. Every now and then, I enjoy scrutinizing the convolutions of e-criminals' "not-so-beautiful mind" and, in counterpart, the new defensive trends throughout posts on

Balancing the keen and until late in night (please read "early morning") reading (fiction and comparative literature studies mostly) with Internet "addiction", the genuine zeal for my bright and fervid students with the craze for the latest discoveries in science and technology, I also enjoy taking not very usual pictures (I'm not a pro, but if you want to see the world through my lenses, here are some samples, messing around with DTP programs to put out some nifty book layouts and wacky t-shirts, roaming the world (I can hardly wait to come back in the Big Apple), and last but not least, driving my small Korean car throughout the intricacies of our metropolis's traffic.

1 Comment

Click here to post a comment
  • my account numbers were stole and this person were paying thier bills with it and I report to Bank of America/military they didn`t do anything to stop it. but they charge me with NSF,I had to close Account to stop this Person from doing more to me.