Fake FDIC bank deposit insurance coverage notification leading to ZBot

Trojan bankrupts computers under the cover of Federal Deposit Insurance Corporation

This week’s malware distribution campaign, relying on a medium-size spam wave,
abuses the name and identifying elements of the independent government agency
to trick recession-panicked account owners into downloading malware and
endangering their computers.


The unsolicited message informs the presumed holders of an FDIC-insured
bank account that the agency has declared bankrupt the financial institution
where their accounts were supposedly opened. The message also asks the
recipients to check the status of their deposit insurance coverage by
following a purportedly customized link to the Federal Deposit Insurance
Corporation Web site.


The link does not lead to the agency portal, but to a Web
page (registered on a .uk domain) that mimics a personal insurance
on-line account, employing several visual identification components of the
original FDIC Web site (namely the logo and the general formatting elements).

The page also provides a purported PDF and Word document
that the user should download and fill in. However, upon downloading the fake
files, the user does not receive the insurance e-form, but two executables
carrying a malicious payload, currently detected by BitDefender as
Trojan.Zbot.DLO, which is, in effect, another version of the infamous ZBot.
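The mismatch described above, a download advertised as a PDF or Word form that is really an executable, can be caught by inspecting content rather than trusting the label. The sketch below is an added example, not BitDefender's detection logic; the function names and the sample bytes are constructed for illustration.

```python
import struct

# Leading magic bytes of the document formats the lure claims to deliver.
DOC_MAGICS = {
    "pdf": (b"%PDF-",),
    "word": (b"\xd0\xcf\x11\xe0\xa1\xb1\x1a\xe1",  # OLE2 container (.doc)
             b"PK\x03\x04"),                        # ZIP container (.docx)
}

def is_pe(data: bytes) -> bool:
    """True if data has a DOS header whose e_lfanew points at the PE signature."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        return False
    (e_lfanew,) = struct.unpack_from("<I", data, 0x3C)
    # An out-of-range offset yields an empty slice, which fails the comparison.
    return data[e_lfanew:e_lfanew + 4] == b"PE\x00\x00"

def check_download(claimed: str, data: bytes) -> str:
    """Classify a download advertised as `claimed` ('pdf' or 'word')."""
    if is_pe(data):
        return "block: executable delivered as " + claimed
    if any(data.startswith(magic) for magic in DOC_MAGICS[claimed]):
        return "ok"
    return "review: content does not match " + claimed

def make_pe_stub() -> bytes:
    """Constructed sample: bare DOS header plus PE signature, not a real program."""
    header = bytearray(0x40)
    header[:2] = b"MZ"
    struct.pack_into("<I", header, 0x3C, 0x40)  # e_lfanew -> offset 0x40
    return bytes(header) + b"PE\x00\x00"

if __name__ == "__main__":
    samples = [
        ("pdf", b"%PDF-1.4\n"),           # genuine-looking PDF header
        ("word", make_pe_stub()),         # "Word form" that is a PE file
        ("pdf", b"MZ but no PE header"),  # neither a PE nor a PDF
    ]
    for claimed, data in samples:
        print(claimed, "->", check_download(claimed, data))
```
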

This long-lasting Trojan is still very prolific, as proven
by the past weeks’ malware dissemination campaigns that exploited
the IRS’ identity. This breed also has rootkit components that facilitate its
hidden installation onto the compromised machines, either in the Windows or
Program Files directory. ZBot injects code into several processes and adds
exceptions to the Microsoft
