Business & Finance
News
10/29/2007
05:51 PM
Connect Directly
LinkedIn
Twitter
Google+
RSS
E-Mail
50%
50%

Spam Spoofs FTC E-Mail To Distribute Keylogger

While the e-mail includes the FTC seal, it has grammatical errors, misspellings, and incorrect syntax.

The Federal Trade Commission, which regularly goes after spammers for violating the law, Monday warned that a spammer is sending out bogus e-mail messages that purport to come from the FTC.

The FTC said that the fraudulent e-mail makes reference to an FTC complaint supposedly filed against the message's recipient. The message includes links and an attachment that download a virus.

"Simply opening the e-mail does not appear to cause harm," said the FTC. "However, it is likely that anyone who has opened the e-mail's attachment or clicked on the links has downloaded the virus on their computer, and should run an anti-virus program. The virus appears to install a 'key logger' that could potentially grab passwords and account numbers."

The apparent originating e-mail address, frauddep@ftc.gov, is fraudulent, according to the FTC, as is the information in the messages return-path and reply-to fields. "While the e-mail includes the FTC seal, it has grammatical errors, misspellings, and incorrect syntax," the FTC said.

The FTC has asked recipients of such messages to forward them to spam@uce.gov and then to delete them.

Last week, SophosLabs said that the United States relayed 28.4% of the world's spam, more than fives times more than the number two relaying country, South Korea (5.2%). "Relaying" in this context refers to computers, "zombies" typically, that send spam at the behest of a remote spammer, who may or may not be in the same country.

"The problem is there are thousands of spammers using many thousands of compromised zombie computers in the US," said Carole Theriault, senior security consultant at Sophos, in a statement. "The only way we're going to reduce the problem is if US authorities invest a lot more in educating computer users of the dangers, while ensuring ISPs step up their monitoring efforts to identify these compromised machines as early as possible."

Comment  | 
Print  | 
More Insights
Register for InformationWeek Newsletters
White Papers
Current Issue
InformationWeek Tech Digest, Nov. 10, 2014
Just 30% of respondents to our new survey say their companies are very or extremely effective at identifying critical data and analyzing it to make decisions, down from 42% in 2013. What gives?
Video
Slideshows
Twitter Feed
InformationWeek Radio
Sponsored Live Streaming Video
Everything You've Been Told About Mobility Is Wrong
Attend this video symposium with Sean Wisdom, Global Director of Mobility Solutions, and learn about how you can harness powerful new products to mobilize your business potential.