Donbot Botnet Exploiting Bank of America Customers

A phishing campaign via the Donbot botnet has been spamming unsuspecting Bank of America customers, according to a blog post by Rodel Mendrez at M86 Security Labs.

Targeted online banking customers receive an e-mail that appears to be from Bank of America, instructing them to confirm their online banking details. Researchers found the phishing trick after downloading an attachment that claims it will restore the customer’s account access.


In reality, the attachment is a RAR file, “BillingVerification.exe,” that produces an HTML phishing form. After victims input their sensitive information — social security numbers, IP addresses, credit card information and the like — their data is compromised. M86 discovered that some customers have already been duped, as users’ sensitive information can be found in files on the server.

While lacking the notoriety of fellow spam-spewing botnets like Rustock and Pushdo, the second-tier Donbot sends out about 800 million spam emails a day, according to a report from TechRepublic early last year. 

As we’ve seen in the past, the spam business remains profitable as each botnet has its own ebb and flow. With spam continuing to reassert its presence in the new year, Donbot seems to be playing into this pattern.


Discussion

  • RichardM on

    One of my spam email accounts, not even associated with anything remotely sensitive, gets these emails a few times a week. I've never bothered to open them because I know it's obviously a form of phishing but I don't believe I've seen any with attachments. Guess I'll have to look a little closer next time around.
