Date: Thu, 17 Jan 2013 11:16:54 -0500 [11:16:54 EST]
From: "Antoine_Pearce@KeyBank.com" [Antoine_Pearce@KeyBank.com]
Subject: You have received a secure message
You have received a secure message
Read your secure message by opening the attachment, SECUREDOC. You will be prompted to open (view) the file or save (download) it to your computer. For best results, save the file first, then open it.
If you have concerns about the validity of this message, please contact the sender directly. For questions about Key's e-mail encryption service, please contact technical support at 888.764.7941.
First time users - will need to register after opening the attachment.
Help - https://mailsafe.keybank.com/websafe/help?topic=RegEnvelope
About IronPort Encryption - https://mailsafe.keybank.com/websafe/about

VirusTotal results are not good. The ThreatExpert report for the malware can be found here. The malware attempts to call home to:
173.230.139.4 (Linode, US)
192.155.83.208 (Linode, US)
...and download additional components from:
[donotclick]ib-blaschke.de/4kzWUR.exe
[donotclick]chris-zukunftswege.de/DynThR8.exe
[donotclick]blueyellowbook.com/Cct1Kk58.exe