From: UNIRAS (UK Govt CERT) [firstname.lastname@example.org]
Sent: 08 May 2003 17:17
Subject: UNIRAS Brief - 281/03 - banking scam
All internet users should be aware of an online banking scam that is currently affecting Internet users in the USA. There is a risk that the scam may spread to other countries.
The current scam takes the form of an email claiming to be from a US bank (Firstunion.com) that states that the bank has lost the recipients internet banking user name and password. The email recipient is then encouraged to click on a link to a web site which asks the user to enter their user name and password. The web site address is www.newtemp.com. System administrators should block access to this web site as it is currently still available. Visiting the web site also seems to download a remote access Trojan called Backdoor.Beastdoor or BackDoor-AMQ, which can be used to gain control of the users computer.