A phishing campaign via the Donbot botnet has been spamming unsuspecting Bank of America customers, according to a blog post by Rodel Mendrez at M86 Security Labs.
Online banking customers who’ve been targeted receive an e-mail that appears to be from Bank of America instructing the user to confirm their online banking details. After downloading an attachment that claims it’ll restore customer’s account access, researchers found the phishing trick.
In reality the attachment is a RAR file, “BillingVerification.exe,” that produces an HTML phishing form. After victims input their sensitive information — social security numbers, IP addresses, credit card information and the like — their data is compromised. M86 discovered some customers have already been duped as users’ sensitive information can be found in files on the server.
While lacking the notoriety of fellow spam-spewing botnets like Rustock and Pushdo, the second-tier Donbot sends out about 800 million spam emails a day, according to a report from TechRepublic early last year.
As we’ve seen in the past, the spam business remains profitable as each botnet has its own ebb and flow. With spam continuing to reassert its presence in the new year, Donbot seems to be playing into this pattern.