‘FNBO Account Application’ is nothing but a zipped Malware

New malicious spam have been reported by Brett M. Christensen on Hoax-Slayer that is targeting First National Bank of Omaha (FNBO) customers. the email claims to be a confirmation for a new account with the bank but it obviously just a spoofed message that attach a zipped file allows attacker to install a malware.

The attachment file containing an executable that will run a Trojan horse which will grab sensitive information on victim machine and it will allow cyber-criminal to execute and control the machine remotely. the spam message include the following:

Re: Applicant #9908541042
Your application for an FNBO Direct account has been received. As an FNBO Direct customer, not only will you receive an exceptional interest rate, you can be confident your accounts are held by a bank established in values of trust, integrity, and security.
Please find in the attached document information concerning your application.
Copyright (c) 2014 FNBO Direct, a division of First National Bank of Omaha. All Rights Reserved. Deposit Accounts are offered by First National Bank of Omaha,
Member FDIC. Deposits are insured to the maximum permitted by law.
P.O. Box 3707, Omaha, NE 68103-0707
For information on FNBO Direct’s privacy policy, please visit [Link removed]
Email ID: A0963.6

(Email included attached file with the name: ‘FNBO_Direct_application_9908541042.zip’)

This type of attack involve social engineering to make the spam content looks similar to bank template and effective because not all security software will detect executable malware that is zipped in attachment. if you receive similar message make sure to move the spam to junk folder to update your spam filter definition. Also it is important to ignore/delete spams from unknown sources.

Notify of
Inline Feedbacks
View all comments