Sponsored by..

Thursday, 15 May 2014

"NatWest Statement" spam contains a bit.ly link

This fake NatWest spam sends victims to a malicious download via a bit.ly link.

From:     NatWest.co.uk
Date:     15 May 2014 13:11
Subject:     NatWest Statement

 View Your April 2014 Online Merchant Financial Activity Statement

Keep track of your account with your latest Online Merchant Financial Activity Statement from NatWest Bank. It's available for you to view at this secure site. Just click to select how you would like to view your statement:

View/Download as a PDF

View all EStatements

So check out your statement right away, or at your earliest convenience.

Thank you for managing your account online.


NatWest Bank

Please do not respond to this e-mail. If you have any questions about this inquiry message or your NatWest Bank ®
Merchant account, please speak to a Customer Service representative at 1-800-374-2639

NatWest Bank Customer Service Department

P.O. Box 414 | 38 Strand, WC2N 5JB, London

Copyright 2014 NatWest Company. All rights reserved.

The link in the email goes to [donotclick]bit.ly/1jKW2GJ which then downloads a malicious file Statement-pdf.scr which has a VirusTotal detection rate of 8/53. Automated analysis tools [1] [2] [3] [4] are inconclusive about what the malware actually does.

One thing about bit.ly links is that if you put a "+" at the end of the link you can see how many people clicked it. In this case, 236 people have clicked so far, mostly in North America. I suspect that quite a few of those are malware researchers!

No comments: