January 18th, 2004



This is a notification to all users who have gotten email supposedly from 'U.S. Bank' with the subject "Your account at U.S. Bank has been suspended." It's not just a spam letter; it comes packaged with a trojan virus ...

If you open this email out of curiosity, chances are your system is infected with this trojan horse. If you don't have one installed, you should get a good anti-virus program running and keep it up to date.

Dear U.S. Bank account holder,

We regret to inform you, that we had to block your U.S. Bank account because we have been notified that your account may have been compromised by outside parties.

Our terms and conditions you agreed to state that your account must always be under your control or those you designate at all times.

We have noticed some activity related to your account that indicates that other parties may have access and or control of your information in your account.

These parties have in the past been involved with money laundering, illegal drugs, terrorism and various Federal Title 18 violations.

In order that you may access your account we must verify your identity by clicking on the link below.

Please be aware that until we can verify your identity no further access to your account will be allowed and we will have no other liability for your account or any transactions that may have occurred as a result of your failure to reactivate your account as instructed below.

Thank you for your time and consideration in this matter.


Before you reactivate your account, all payments have been frozen, and you will not be able to use your account in any way until we have verified your identity.

Now clicking on the link will actually take you to:

http://www.usbank.com=01@bos.es.kr/index.htm => http://bos.es.kr/index.htm
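
The link resolves that way because everything before the "@" in the authority part of a URL is userinfo, not the host. As an added example (not part of the original post), this Python sketch reports the host a link really points to and flags deceptive userinfo; the function name, the finding labels and the treatment of "=01"/"%01" as an encoded control byte are assumptions.

```python
import re
from urllib.parse import urlsplit

# Something that looks like a DNS name at the start of the userinfo part.
HOSTLIKE = re.compile(r"^(?:[a-z0-9-]+\.)+[a-z]{2,}", re.IGNORECASE)
# Raw control bytes, or %XX / =XX escapes below 0x20 (assumed to be
# URL-encoded or quoted-printable-encoded control bytes).
CONTROL = re.compile(r"[\x00-\x1f]|[%=][01][0-9a-f]", re.IGNORECASE)


def inspect_link(url):
    """Return the host a client would contact plus userinfo-based findings."""
    parts = urlsplit(url)
    # Userinfo is whatever precedes the last '@' in the authority component.
    userinfo = parts.netloc.rpartition("@")[0]
    real_host = parts.hostname
    findings = []
    if userinfo:
        findings.append("userinfo-present")
        m = HOSTLIKE.match(userinfo)
        if m and m.group(0).lower() != (real_host or ""):
            # The text shown before '@' imitates a different site.
            findings.append("userinfo-looks-like-host:" + m.group(0).lower())
        if CONTROL.search(userinfo):
            findings.append("control-byte-in-userinfo")
    return {"real_host": real_host, "findings": findings}


if __name__ == "__main__":
    # First URL is the one quoted in the post; the others are constructed.
    samples = [
        "http://www.usbank.com=01@bos.es.kr/index.htm",
        "http://bos.es.kr/index.htm",
        "https://user@example.com/",
    ]
    for url in samples:
        print(url, "->", inspect_link(url))
```

A mail filter or proxy can apply the same check to every link in a message body and quarantine anything that reports a host-like userinfo.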

Now, besides the fact that I don't have an account with the 'U.S. Bank', any request for account information/validation should always be treated with the utmost scrutiny. But what makes this email worse than most email scams looking for information is that it comes embedded with a virus/trojan horse, so you can't even check out the message.

Anyways... beware.
