Sponsored by..

Monday 16 September 2013

Walls Fargo spam / WellsFargo - Important Documents.zip

This fake Wells Fargo spam has a malicious attachment:

Date:      Mon, 16 Sep 2013 09:26:51 -0500 [10:26:51 EDT]
From:      Harrison_Walsh@wellsfargo.com
Subject:      IMPORTANT Documents - WellsFargo

Please review attached documents.

Harrison_Walsh
Wells Fargo Advisors
817-674-9414 office
817-593-0721 cell Harrison_Walsh@wellsfargo.com

Investments in securities and insurance products are:
NOT FDIC-INSURED/NO BANK-GUARANTEES/MAY LOSE VALUE

Wells Fargo Advisors, LLC is a nonbank affiliate of Wells Fargo & Company, Member
FINRA/SIPC. 1 North Jefferson, St. Louis, MO 63103

CONFIDENTIAL NOTICE: The contents of this message, including any attachments, are
confidential and are intended solely for the use of the person or entity to whom the
message was addressed. If you are not the intended recipient of this message, please be
advised that any dissemination, distribution, or use of the contents of this message is
strictly prohibited. If you received this message in error, please notify the sender.
Please also permanently delete all copies of the original message and any attached
documentation. Thank you. 
Attached is a ZIP file called WellsFargo - Important Documents.zip which in turn contains a malicious executable WellsFargo - Important Documents.exe which has a very low VirusTotal rate of 2/47.

Automated analysis tools [1] [2] [3] detect network traffic to [donotclick]www.c3dsolutions.com  hosted on 173.229.1.89 (5Nines LLC, US). At present I do not have any evidence of further malware sites on that server.

No comments: