Active Scam Website Found Targeting Colonial Bank Customers with Backdoor.Trojan (1)

TOKYO (MacHouse) - According to Wikipedia, Colonial Bank is the 27th largest bank in the U.S. It has 300 branches across southeastern states and Nevada and Texas. Its website is located at http://www.colonialbankc.com. (See Screenshot 01.)
Screenshot 01 - Source: Colonial Bank
Screenshot 02 - Source: MacHouse
Screenshot 03 - Source: id746.com
Yesterday, we reported a phishing e-mail message targeting JP Morgan Chase Manhattan Bank customers. More than 2 hours ago, an organized cyber crime group sent out a phishing message targeting Colonial Bank customers and Internet users. The title of the message is “ColonialBank Corporate Important Security Notification - ref: 2518.” (See Screenshot 02.) The message says:
By following the link below you will begin the procedure of the customer certificate update:
The phrase above is followed by a fake hyperlink. The underlying link actually forwards Internet users to a scam website hosted at the domain id746.com. (See Screenshot 03.) We don’t know their entire plan, but they use this website to distribute a Windows-based file that infects Internet users with a group of trojan horse derivatives.
An organized cyber crime group sent out a phishing message involving Colonial Bank about 4 PM (U.S. PST), June 24, just some 2 hours ago. The link given in the message is shown as
https://connect7.colonialbank.com/NBB/?pid=17xvrpEFZDabczyOkhb
but the underlying link is actually
https://ww8.colonialbank.com.id746.com/NBB/?ssid=3D17xvrpEFZDabczyOkhb
with no security layer. The scam website was active at the time of publishing this report.
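The two signals in this message, a displayed URL that differs from the underlying link and a bank hostname used as a subdomain of an unrelated domain, can be checked mechanically. The following Python code is an added example, not part of the original report. The function names are hypothetical, the sample HTML is constructed around the two URLs quoted above, and the registrable domain is approximated as the last two labels of the host.

```python
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Constructed sample body: the two URLs come from the report; the markup and
# the second, benign link are made up for the demonstration.
SAMPLE_EMAIL = """
<p>By following the link below you will begin the procedure of the customer certificate update:</p>
<a href="https://ww8.colonialbank.com.id746.com/NBB/?ssid=3D17xvrpEFZDabczyOkhb">
https://connect7.colonialbank.com/NBB/?pid=17xvrpEFZDabczyOkhb</a>
<a href="https://connect7.colonialbank.com/help">https://connect7.colonialbank.com/help</a>
"""

def registrable(host):
    # Assumption: last two labels. Real tooling should use the Public Suffix List.
    return ".".join(host.lower().rstrip(".").split(".")[-2:])

class AnchorCollector(HTMLParser):
    # Collects (visible text, href) for every <a> element.
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href") or "", []
    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append(("".join(self._text).strip(), self._href))
            self._href = None

def check_links(html, brand_domain):
    """Return one finding per link whose real target is not on brand_domain."""
    parser = AnchorCollector()
    parser.feed(html)
    findings = []
    for text, href in parser.links:
        target = (urlsplit(href).hostname or "").lower()
        shown = (urlsplit(text).hostname or "").lower() if "://" in text else ""
        reasons = []
        if shown and registrable(shown) != registrable(target):
            reasons.append("text-href-mismatch")   # displayed URL is on another domain
        if f".{brand_domain}." in f".{target}" and registrable(target) != brand_domain:
            reasons.append("brand-as-subdomain")   # bank name is only a prefix label
        if reasons:
            findings.append({"target_host": target,
                             "registrable": registrable(target), "reasons": reasons})
    return findings
```

Calling `check_links(SAMPLE_EMAIL, "colonialbank.com")` flags only the first link and reports id746.com as the domain that actually receives the visitor.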
The scam website instructs Internet users to download a file by clicking on a link that says ‘Download certificate >>.’ The resulting Windows-based file is labeled ‘ColonialBankECERTv04510.exe.’ Moreover, there is another link given on the scam website. If one clicks on the link that says ‘Certificate installation completed, go to my account >>,’ he or she will end up with a blank page with a security layer. (See Screenshot 04.)
Screenshot 04 - Source: Colonial Bank
Screenshot 05 - Source: MacHouse
Screenshot 06 - Source: MacHouse
According to Norton AntiVirus, the downloaded file contains a computer virus known as Backdoor.Trojan, which only affects Windows OS users. (See Screenshot 05-6.) Symantec says:
Backdoor.Trojan is a generic detection for a group of Trojan horse programs that open a back door and allow a remote attacker to have unauthorized access to the compromised computer.
We will have a more detailed report in several hours.
References:
Colonial Bank - Wikipedia
Backdoor.Trojan - Symantec.com
Warning: Phishing Website Targeting Chase Manhattan Bank Customers Active (2) - Possible Polish and Chinese Connections
Warning: Phishing Website Targeting Chase Manhattan Bank Customers Active (1)