TOKYO (MacHouse) – According to Wikipedia, Colonial Bank is the 27th largest bank in the U.S. It has 300 branches across southeastern states and Nevada and Texas. Its website is located at http://www.colonialbankc.com. (See Screenshot 01.)
Screenshot 01 – Source: Colonial Bank
Screenshot 02 – Source: MacHouse
Screenshot 03 – Source: id746.com
Yesterday, we reported a phishing e-mail message targeting JP Morgan Chase Manhattan Bank customers. More than 2 hours ago, an organized cyber crime group sent out a phishing message targeting Colonial Bank customers and Internet users. The title of the message is “ColonialBank Corporate Important Security Notification – ref: 2518.” (See Screenshot 02.) The message says:
By following the link below you will begin the procedure of the customer certificate update:
The phrase above is then followed by a fake hyperlink. The underlying link actually forwards Internet users to a scam website hosted at the domain of id746.com. (See Screenshot 03.) We don’t know their entire plan, but they use this website to distribute a Windows-based file to infect Internet users with a group of trojan horse derivatives.
An organized cyber crime group sent out a phishing message involving Colonial Bank about 4 PM (U.S. PST), June 24, just some 2 hours ago. The link given in the message is shown as
, but the underlying link is actually
with no security layer. The scam website was active at the time of publishing this report.
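The two warning signs described above, a displayed link that differs from the underlying link and a target with no security layer, can be checked mechanically in an HTML message body. The following Python code is an added example, not part of the original report; the sample message and its .example domains are constructed, and the function names are hypothetical.

```python
from html.parser import HTMLParser
from urllib.parse import urlsplit

class LinkCollector(HTMLParser):
    """Collect (href, visible text) for every <a> element in an HTML body."""
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href") or "", []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None

def host_of(value):
    """Lowercase host if value parses as an http(s) URL, else None."""
    parts = urlsplit(value.strip())
    return parts.hostname.lower() if parts.scheme in ("http", "https") and parts.hostname else None

def audit_links(html_body):
    """Return one finding per anchor that shows either warning sign."""
    collector = LinkCollector()
    collector.feed(html_body)
    findings = []
    for href, text in collector.links:
        reasons = []
        shown, target = host_of(text), host_of(href)
        if shown and target and shown != target:
            reasons.append("displayed host differs from target host")
        if urlsplit(href.strip()).scheme == "http":
            reasons.append("target is plain http")
        if reasons:
            findings.append({"shown": text, "target": href, "reasons": reasons})
    return findings

# Constructed sample using reserved .example domains, not the reported message.
SAMPLE = (
    '<p>By following the link below you will begin the update:</p>'
    '<a href="http://scam.example/cert/">https://www.bank.example/update</a>'
    '<a href="https://www.bank.example/help">Help</a>'
)
```

Calling audit_links(SAMPLE) flags only the first anchor, with both reasons attached; links whose visible text is not a URL are checked for plain http only.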
The scam website instructs Internet users to download a file by clicking on a link that says ‘Download certificate >>.’ The resulting Windows-based file is labeled ‘ColonialBankECERTv04510.exe.’ Moreover, there is another link given on the scam website. If one clicks on the link that says ‘Certificate installation completed, go to my account >>,’ he or she will end up with a blank page with a security layer. (See Screenshot 04.)
Screenshot 04 – Source: Colonial Bank
Screenshot 05 – Source: MacHouse
Screenshot 06 – Source: MacHouse
According to Norton AntiVirus, the downloaded file contains a computer virus known as Backdoor.Trojan, which only affects Windows OS users. (See Screenshots 05 and 06.) Symantec says:
Backdoor.Trojan is a generic detection for a group of Trojan horse programs that open a back door and allow a remote attacker to have unauthorized access to the compromised computer.
We will have a more detailed report in several hours.
Colonial Bank – Wikipedia
Backdoor.Trojan – Symantec.com
Warning: Phishing Website Targeting Chase Manhattan Bank Customers Active (2) – Possible Polish and Chinese Connections
Warning: Phishing Website Targeting Chase Manhattan Bank Customers Active (1)