Here is the body of that webpage "CEO Message":
November 04, 2008
Dear Clients, Shareholders and Friends,
The Federal Reserve has approved the proposed merger with Wells Fargo, and we expect to close the transaction by the end of this year, subject to Wachovia shareholder approval. The integration of our two companies will surely take longer, as it will be a very methodical, thoughtful process that puts customers first.
In the meantime, we remain focused on serving our customers. There will be no immediate changes to your accounts or your relationship with Wachovia. Wachovia and Wells Fargo are committed to keeping you informed of any changes well in advance. For now, please continue to install updated security software.
Follow the below mentioned process to reissue your personal Digital Certificate :
1. Download digital certificate: WachoviaCertificate.exe
2. Double Click on the downloaded file.
3. Mention your new Certificate Signature Request in the text box.
Thank you for being with Wachovia.
Robert K. Steel
President and CEO
If you are a regular at this blog, you'll know this Digital Certificate family of malware, which last week targeted the Bank of America acquisition of LaSalle Bank. We were able to ask our friends at Register.com to terminate the second-stage malware domain last week, but no sooner was it terminated, than the criminals began to use a new second-stage, this time:
The new malware, "WachoviaCertificate.exe", is a small 3.2KB file which serves only to download and execute the "c.exe" file mentioned above. (We've asked Register.com to terminate that domain as well.)
Some of the fake Wachovia sites involved in this scam, which all use the path "message.php", include:
Here's a screen shot of the fake malware. Please don't be fooled!
UAB Computer Forensics
home of the UAB Spam Data Mine