Fred Touchette has some more details about this phishing scam in . Touchette explains, "We often see, as everyone is aware of, malware campaigns that pretend to come from major banking institutions, but I can't recall having seen any that come from their insurers before."

That is true. Phishing scams targeting specific banks or credit unions are fairly common. This threat--by virtue of claiming to be from the FDIC that insures the deposits of virtually all financial institutions--has a much larger pool of potential victims. Basically, rather than only targeting Bank of America, or Wells Fargo, or some other bank, this phishing scam targets anyone with a bank account.

Unfortunately--at least for the attackers--the message is a bunch of grammatically error prone gibberish. "In order to inform you about the news concerning current business activity of the Company on a timely basis, please, look through the last important changes in current regulations of endowment insurance procedure" doesn't even make sense, so hopefully it is unlikely to lure too many naïve victims to actually open the file attachment as directed.

Touchette describes the actual threat behind the FDIC phishing attack. "In actuality the attachment is a Trojan downloader, one we've become very accustomed to--Oficla. Oficla is responsible for doing the hard work, which is tricking you into installing it and opening up the backdoor and letting in all of its ne'er-do-well buddies. In the past these have included everything from scareware viruses to data loggers such as ZeuS and everything in between."

With malware and , you would think the attackers could afford to fluent in English and perhaps do some grammar-proofing and spell-checking of these messages before launching the attack. I'm not trying to help the bad guys, but come on--this phishing message is so bad it wouldn't fool my eight year old.