What is this now in my mailbox, a message from Brazil with the following content:
This e-mail was sent to you by Banco do Brasil’s Computer Security Incident Response Team (CSIRT). Banco do Brasil is the largest bank in Brazil, South America. Our web site is located at https://www.bb.com.br and our customer financial service can be accessed at https://www2.bancobrasil.com.br/aapf/aai/login.pbk.
Some crackers are using *your* infrastructure to host a trojan horse designed to steal sensitive information (office branch, account number and PIN) from our clients.
How the fraud occurs:
1. Spam mail is sent to random e-mail addresses in Brazil (not necessarily using your computers)
2. The e-mail sends the victims where the trojan is located (PLEASE SEE BELOW).
3. The victim’s computer is compromised by the trojan horse
4. The trojan horse acquires sensitive information and sends the data to the cracker.
5. The cracker then impersonates our client in the official Banco do Brasil Internet banking page and frauds the account.
We are requesting that you take every possible action to prevent the use of your services in this scam.
This case is under investigation by law enforcement agencies in Brazil. In the meantime we need your help to block/disable this site/account. By doing this we can minimize the extension of the security incident. Additionally, we would welcome any information/log/archive/scripts concerning this case.
Banco do Brasil
CSIRT - Computer Security Incident Response Team
[email protected] https://www.bb.com.br
The trojan is located at:
Título Cód Msg Email
https://***(removed for security reasons)/abb.cmd
At first I thought: "banks never send such confidential messages by e-mail, so this will probably be yet another hoax".
Until a few hours later I received an e-mail from my provider ...