Sponsored by..

Monday 20 January 2014

"Thank you for scheduling a payment to Bill Me Later" spam

This fake Bill Me Later spam has a malicious attachment:
Date:      Mon, 20 Jan 2014 14:23:08 +0000 [09:23:08 EST]
From:      Bill Me Later [service@paypal.com]
Subject:      Thank you for scheduling a payment to Bill Me Later

BillMeLater
   
Log in here
       
Your Bill Me Later® statement is now available!

Dear Customer,

Thank you for making a payment online! We've received your
Bill Me Later® payment of $1603.57 and have applied it to your account.

For more details please check attached file

Summary:

Your Bill Me Later Account Number Ending in: 0266

You Paid: $1603.57

Your Payment Date*: 01/20/2014

Your Payment Confirmation Number: 971892583971968191

Don't forget, Bill Me Later is the perfect way to shop when you want more time to pay for the stuff you need. Plus, you can always find great deals and discounts at over 1000 stores. Watch this short, fun video to learn more.

BillMeLater

*NOTE: If your payment date is Saturday, or a holiday, it will take an additional day for the payment to appear on your account. However, you will be credited for the payment as of the payment date.
Log in at PayPal.com to make a payment
Questions:
Do not reply to this email. Please send all messages through the email form on our website. We are unable to respond to account inquiries sent in reply to this email. Bill Me Later is located at 9690 Deereco Rd, Suite 110, Timonium, MD 21093 Copyright 2012 Bill Me Later Inc.

Bill Me Later accounts are issued by WebBank, Salt Lake City Utah

PQW688PP1

Attached is an archive file PP_03357442.zip which in turn contains a malicious executable PP_03357442.exe which has a VirusTotal detection rate of just 4/45. Automated analysis tools [1] [2] show an attempted connection to jatit.org on 72.9.158.240 (Colo4, US) which appears to be a legitimate (but presumably compromised) site.

No comments: