Sponsored by..

Wednesday, 18 February 2015

Malware spam: "UK Fuels Esso E-bill" / "invoices@ebillinvoice.com"

This fake invoice is a forgery with a malicious attachment:
From:    invoices@ebillinvoice.com
Date:    18 February 2015 at 09:01
Subject:    UK Fuels Esso E-bill

Customer No         : 90714
Email address       : [redacted]
Attached file name  : 36890_06_2015.DOC (ZIP)

Dear Customer

Please find attached your invoice for Week 06 2015.

If you have any queries regarding your e-bill you can contact us at invoices@ebillinvoice.com.
Alternatively you can log on to your account at www.velocitycardmanagement.com to review your transactions and manage your account online.

Yours sincerely

Customer Services
UK Fuels

This email, its content and any files transmitted with
it are confidential and intended solely for the use of
the individual(s) to whom it is addressed.
If you are not the intended recipient, be advised that
you have received this email in error and that any use,
dissemination, forwarding, printing or copying of
this email is strictly prohibited.
I have only seen a single sample of this, with a ZIP file 36890_06_2015.zip attached, which in turn contains a document 36890_06_2015.doc. This document contains a malicious macro, and is exactly the same as the one used in this campaign leading to the Dridex banking trojan.

No comments: