Alert: Fake BancorpSouth Emails Trick Users to Malware-Infected Websites


bill-swift - June 26, 2012

Online banking has made life a whole lot easier, there's no denying that. This is especially true if your bank of choice is out of the way from work or from your usual route home.

There's a new breed of email scam on the prowl for clueless victims who happen to have accounts with BancorpSouth. The bank is rather large, with over three hundred branches located all through the country, including Alabama, Arkansas, Florida, Louisiana, Mississippi, Missouri, Tennessee, and Texas.

Security researchers from AppRiver report that emails purportedly from the predominantly Southern-based bank are being sent out to hundreds of thousands of email addresses, informing recipients of a potential security alert that has to do with their account.

This message is mailed to you regarding your online banking user password has been expired. Set up a new password by following these steps: 1. Log into your online banking by our secure link for Expired Password and entering the temporary password below.

-- BancorpSouth scam emails

If the way the email message is worded isn't warning enough, then the destination of the link in the email should provide another clue. But if the recipient doesn't catch on and clicks on the provided link, well, that's when all hell breaks loose.

The user is redirected through a series of domains and is eventually served the notorious Blackhole toolkit. This particular version utilizes Java exploit Java/CVE-2012-0507.BB. This trojan will read cookies and history logs, and tweaks browser network configurations to really take you for a spin.

A unique feature of the malware is that it self-destructs if it detects the presence of a debugger on the machine. It's a pretty smart move on the part of the malware coders, since developers won't be able to study it this way.

As always, keep your computer safe by installing an anti-virus program and keeping it updated.
