Sponsored by..

Tuesday 14 May 2013

Bank of America spam / RECEIPT428-586.doc

This fake Bank of America message has a malicious Word document attached:

Date:      Tue, 14 May 2013 10:16:05 +0500 [01:16:05 EDT]
Subject:      Your transaction is completed

Transaction is completed. $51317477 has been successfully transferred.
If the transaction was made by mistake please contact our customer service.
Receipt of payment is attached.

*** This is an automatically generated email, please do not reply ***
Bank of America, N.A. Member FDIC. Equal Housing Lender Opens in new window
© 2013 Bank of America Corporation. All rights reserved 

The attached document is RECEIPT428-586.doc which contains a CVE-2012-0158 / MS12-027 exploit, so a fully patched Windows system should be immune. Further analysis is pending, but the payload is likely to be P2P / Gameover Zeus as found in this attack. VirusTotal detections stand at just 11/46. Further analysis is pending.

No comments: