National Australian Bank hit by phishing attack
Date: June 19, 2006Source: Channel Register
By:
A phishing email claiming that The National Australia Bank (NAB) is bankrupt has caught more than 1,000 of the bank's customers in its net.
The email warns the bank's customers that NAB might be bankrupt. It claims the bank's ATMs are not working and that people are starting panic withdrawals. It invites them to click on a link that will provide them with more information.
You won't be surprised to learn that this link in fact downloads a Trojan onto the hapless banker's machine. This steals their bank login details and password when they follow the rest of the emailed "advice" to go online to check their balance.
Websense Australia manager Joel Camissar told IDG that the code monitors computer activity until the dupe tries to log into their bank. At this point it launches a phoney pop-up login window, which captures the user's information.
The code exploits a well-known flaw in IE to do its dirty work, and is a variation of the Banker virus, discovered by Websense in early April. Microsoft issued its patch shortly afterwards. Firefox users might also be vulnerable, according to reports.
Add comment
Email to a Friend
