Trojan-Spy.HTML.Citifraud.dh

Jest to trojan podszywaj膮cy si臋 pod stron臋 HTML. Jego celem jest kradzie偶 poufnych danych klient贸w Citibanku.

Trojan dociera do potencjalnej ofiary jako sfa艂szowana wiadomo艣膰 e-mail od Citibanku:

E-mail zawiera odsy艂acz prowadz膮cy do exploita luki Frame Spoof w przegl膮darce Internet Explorer.

Wiadomo艣膰 ma nast臋puj膮c膮 tre艣膰:

Welcome to Citibank Online!

Dear Citibank Member,

As part of our security measures, we regularly screen activity in the Citibank
system. We recently contacted you after noticing an issue on your account. We
requested information from you for the following reason:

We have reason to believe that your account was accessed by a third party.
Because protecting the security of your account is our primary concern, we have
limited access to sensitive Citibank account features. We understand that this may
be an inconvenience but please understand that this temporary limitation is for
your protection.

Case ID Number: PP-112-491-524

This is a third and final reminder to log in to Citibank as soon as possible.

Once you log in, you will be provided with steps to restore your account
access. We appreciate your understanding as we work to ensure account safety.

In accordance with Citibank User Agreement, your account access will remain
limited until the issue has been resolved. Unfortunately, if access to your
account remains limited for an extended period of time, it may result in further
limitations or eventual account closure. We encourage you to log in to your
Citibank account as soon as possible to help avoid this.

To review your account and some or all of the information that Citibank used to
make its decision to limit your account access, please visit the Resolution
Center. If, after reviewing your account information, you seek further
clarification regarding your account access.

We thank you for your prompt attention to this matter. Please understand that
this is a security measure intended to help protect you and your account. We
apologize for any inconvenience.

Sincerely,
Citibank Account Review Department

Citibank Email ID PP638

--------------------------------------------------------------------------------
Why is my account access limited?
Your account access has been limited for the following reason's:
Mar. 29, 2006: We have reason to believe that your account was accessed by a third 
party. Because protecting the security of your account is our primary concern, we have 
limited access to sensitive CitiCards account features. We understand that this may be 
an inconvenience but please understand that this temporary limitation is for your 
protection.

(Your case ID for this reason is PP-154-572-158.)

Luka Frame Spoof (MS04-004) wyst臋puje w przegl膮darce Internet Explorer w wersji 5.x oraz 6.x. Firma Microsoft opublikowa艂a specjalny dokument, w kt贸rym opisuje t臋 luk臋 oraz wyja艣nia, w jaki spos贸b mo偶na odr贸偶ni膰 sfa艂szowane odsy艂acze od prawdziwych.

Gdy u偶ytkownik kliknie odsy艂acz i wprowadzi swoje dane dotycz膮ce konta do formularza, trafi膮 one do cyberprzest臋pcy, kt贸ry uzyska pe艂ny dost臋p do konta bankowego u偶ytkownika.