Pushdo Botnet Sending FDIC Spam

Written by Sue Walsh on October 28, 2009


A new wave of spam being pumped out by the Pushdo botnet is exploiting the FDIC and attempting to capitalize on worries about the economy. The spams are made to look like they came from the FDIC; they inform the recipient that their bank has failed and urge them to click on the included link to make sure their accounts have been insured.

The link actually leads to a malicious website that downloads the Zbot Trojan, which adds the computer to the Pushdo botnet and uses it to send out more FDIC spams. The Trojan also monitors the computer’s web activity and activates a keylogger whenever it detects a banking, financial or e-commerce site. The user’s personal information and logon credentials are stolen and sent to the hacker’s server, where they are stored and used for identity theft or sold to other criminals.

Pushdo is also using Facebook to acquire new zombies. Recipients receive an email with an attached file. The email is said to come from “The Facebook Team” and tells the recipient their password has been changed for security purposes and they should open the attachment to retrieve their new one. A hidden .exe file is contained within the attachment and, once opened, downloads Zbot.

Pushdo was previously responsible for the flood of IRS spams that have become the top spam campaign on the net, and before that for a flood of spams that exploited the tragic death of pop icon Michael Jackson. Look for Pushdo to launch new spam campaigns in the near future, most likely timed to take advantage of the upcoming holiday season.
