TechWeb

Spam Spoofs FTC E-Mail To Distribute Keylogger

Oct 29, 2007 (02:10 PM EDT)

Read the Original Article at http://www.informationweek.com/news/showArticle.jhtml?articleID=202603073


The Federal Trade Commission, which regularly goes after spammers for violating the law, Monday warned that a spammer is sending out bogus e-mail messages that purport to come from the FTC.

The FTC said that the fraudulent e-mail makes reference to an FTC complaint supposedly filed against the message's recipient. The message includes links and an attachment that download a virus.

"Simply opening the e-mail does not appear to cause harm," said the FTC. "However, it is likely that anyone who has opened the e-mail's attachment or clicked on the links has downloaded the virus on their computer, and should run an anti-virus program. The virus appears to install a 'key logger' that could potentially grab passwords and account numbers."

The apparent originating e-mail address, frauddep@ftc.gov, is fraudulent, according to the FTC, as is the information in the message's return-path and reply-to fields. "While the e-mail includes the FTC seal, it has grammatical errors, misspellings, and incorrect syntax," the FTC said.
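As an added illustration (not from the article or the FTC), the following Python check flags the header inconsistency described above: a visible From address claiming ftc.gov while Return-Path and Reply-To point at other domains. The sample headers are constructed for the example, and the non-ftc.gov domains are placeholders.

```python
import email
from email import policy
from email.utils import parseaddr

# Constructed sample modelled on the spoof described above: the displayed
# From is frauddep@ftc.gov, but the envelope and reply headers point
# elsewhere. The example.net / example.org addresses are placeholders.
SAMPLE_MESSAGE = """\
Return-Path: <bounce@mail.example.net>
From: "FTC Fraud Department" <frauddep@ftc.gov>
Reply-To: <complaints@example.org>
To: <recipient@example.com>
Subject: FTC complaint filed against you
Content-Type: text/plain

A complaint has been filed against you. See the attached documents.
"""


def header_domain(msg, name):
    """Return the lower-cased domain of an address header, or None if absent."""
    value = msg.get(name)
    if not value:
        return None
    _, addr = parseaddr(str(value))
    return addr.rsplit("@", 1)[-1].lower() if "@" in addr else None


def sender_mismatches(raw):
    """List each envelope/reply header whose domain disagrees with From.

    Subdomains of the From domain (e.g. mail.ftc.gov under ftc.gov) count as
    consistent. A mismatch is a signal to inspect, not proof of fraud, since
    forwarders and mailing lists also rewrite these headers.
    """
    msg = email.message_from_string(raw, policy=policy.default)
    from_dom = header_domain(msg, "From")
    if from_dom is None:
        return ["From header missing or unparsable"]
    findings = []
    for name in ("Return-Path", "Reply-To", "Sender"):
        dom = header_domain(msg, name)
        if dom and dom != from_dom and not dom.endswith("." + from_dom):
            findings.append(f"{name} domain {dom} != From domain {from_dom}")
    return findings


if __name__ == "__main__":
    for finding in sender_mismatches(SAMPLE_MESSAGE):
        print("SUSPICIOUS:", finding)
```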

The FTC has asked recipients of such messages to forward them to spam@uce.gov and then to delete them.

Last week, SophosLabs said that the United States relayed 28.4% of the world's spam, more than five times the share of the number two relaying country, South Korea (5.2%). "Relaying" in this context refers to computers, typically "zombies," that send spam at the behest of a remote spammer, who may or may not be in the same country.

"The problem is there are thousands of spammers using many thousands of compromised zombie computers in the US," said Carole Theriault, senior security consultant at Sophos, in a statement. "The only way we're going to reduce the problem is if US authorities invest a lot more in educating computer users of the dangers, while ensuring ISPs step up their monitoring efforts to identify these compromised machines as early as possible."