Sponsored by..

Wednesday, 14 May 2014

citibank.com "Important - Commercial Form" spam

This fake Citibank spam comes with a malicious attachment:

Date:      Wed, 14 May 2014 11:56:34 -0500 [12:56:34 EDT]
From:      Nola Painter [Nola.Painter@citibank.com]
Subject:      FW: Important - Commercial Form

Commercial Banking Form

To: [redacted]

Case: C1957115
Please scan attached document and fax it to +1 800-285-1110 .

All web filed documents (with the exception of downloaded accounts templates) are available to view / download for 10 days after their original submission. Once accepted, these changes will be displayed on the public record. Not yet filing your accounts online? See how easy it is... For enquiries, please telephone the Service Desk on +1 800-285-4794 or email enquiries@citibank.com. This email was sent from a notification-only email address which cannot accept incoming mail. Please do not reply directly to this message. .

Yours faithfully

Nola Painter
Commercial Banking
Citibank N.A

Copyright © 2014 Citigroup Inc.                                                                    

Other senders spotted include:
Lavonne Bermudez [Lavonne.Bermudez@citibank.com]
Gabriel Britton [Gabriel.Britton@citibank.com]

Attached to the message is an archive file CommercialForm.zip which in turn contains a malicious executable CommercialForm.exe which has a VirusTotal detection rate of 19/52. Automated analysis tools [1] [2] [3] show that it downloads an encrypted file from [donotclick]desktopcrafts.com/wp-content/uploads/2014/05/Targ-1405USdp.enc although what that does is currently unclear.

No comments: