Date: Wed, 13 Feb 2013 20:08:46 +0200 [13:08:46 EST]
From: FF-inc Secure Notification [secure.notification@ff-inc.com]
Subject: First Foundation Bank Secure Email Notification - 94JIMEEQ
You have received a secure message
Read your secure message by opening the attachment, secure_mail_94JIMEEQ. You will be prompted to open (view) the file or save (download) it to your computer. For best results, save the file first, then open it in a Web browser. To access from a mobile device, forward this message to mobile@res.ff-inc.com to receive a mobile login URL.
If you have concerns about the validity of this message, please contact the sender directly. For questions about secure e-mail encryption service, please contact technical support at 888.795.7643.
2000-2013 First Foundation Inc. All rights reserved.
Attached is a file called secure_mail_94JIMEEQ.zip, which expands into... well, nothing good: a file called secure_mail_{_Case_DIG}.exe with an icon that is meant to disguise it as an Acrobat file.
VirusTotal detection rates are just 15/45 and the malware is resistant to analysis. Incidentally, emailing mobile@res.ff-inc.com just generates a failure message. Avoid.
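A mail-gateway style check for this kind of attachment, as an added example that is not part of the original post: it opens a zip in memory and flags members that are Windows executables by header or extension, so the Acrobat icon and a misleading filename make no difference. The function names and the extension list are assumptions, and the sample archive is constructed with a harmless stub.

```python
import io
import os
import zipfile

# Extensions Windows runs directly on double-click (assumed policy list).
EXECUTABLE_EXTS = {".exe", ".scr", ".com", ".pif", ".cpl"}


def suspicious_members(zip_bytes):
    """Return (name, reason) pairs for members that should not reach a mailbox."""
    findings = []
    with zipfile.ZipFile(io.BytesIO(zip_bytes)) as archive:
        for info in archive.infolist():
            if info.is_dir():
                continue
            name = info.filename
            if info.flag_bits & 0x1:
                # Password-protected member: content cannot be inspected.
                findings.append((name, "encrypted member"))
                continue
            with archive.open(info) as member:
                magic = member.read(2)
            if magic == b"MZ":
                # DOS/PE header: an executable whatever the name or icon says.
                findings.append((name, "PE/MZ header"))
            elif os.path.splitext(name)[1].lower() in EXECUTABLE_EXTS:
                findings.append((name, "executable extension"))
    return findings


def build_sample_zip(members):
    """Build an in-memory zip from {name: bytes}; constructed test data only."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as archive:
        for name, data in members.items():
            archive.writestr(name, data)
    return buf.getvalue()


if __name__ == "__main__":
    # Constructed sample mirroring the attachment layout described above;
    # the "payload" is a stub carrying only the two-byte MZ magic.
    sample = build_sample_zip({"secure_mail_{_Case_DIG}.exe": b"MZ" + b"\x00" * 62})
    for name, reason in suspicious_members(sample):
        print(f"BLOCK {name}: {reason}")
```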