Sponsored by..

Thursday, 7 January 2016

Malware spam: "Close Invoice Finance Limited Statement 1/1"

This fake financial spam comes with a malicious attachment:

From:    Carey Cross
Date:    7 January 2016 at 11:35
Subject:    Close Invoice Finance Limited Statement 1/1

Dear Customer,

Please find attached your latest statement from Close Brothers Invoice Finance.

Your username is 05510/0420078
Your password should already be known to you.

If you have any queries please contact:

For Credit Control: creditcontrolqueriesCBIF@closebrothers.com

For login help: closloginhelp@netsend.biz

If you’re considering growing your business or are simply looking for support with cash flow, visit our website to see how we can help www.closeinvoice.co.uk/cashflow


Close Brothers Invoice Finance

The sernder's name will vary, as will the attachment name. I have only seen a single sample at the moment with a detection rate of 2/54. Functionally, the payload is identical to that found in this earlier spam run, and it drops the Dridex banking trojan.

No comments: