
Tuesday 16 July 2013

Bank of America spam / stid 36618-22.zip

This fake Bank of America spam comes with a malicious attachment:

Date:      Tue, 16 Jul 2013 21:21:06 +0200 [15:21:06 EDT]
From:      Joyce Bryson [legalsr@gmail.com]
Subject:      Merchant Statement

Enclosed (pdflPDF|pdf file|document|file) is your Bank of America Paymentech electronic Merchant Billing Statement.
If you need assistance, please (contact|message|call) your Account Executive or call Merchant Services at the telephone number listed on your statement.
PLEASE DO NOT RESPOND BY USING REPLY. This (email|mail) is sent from an unmonitored email address, and your response will not be received by Bank of America Paymentech.
Bank of America Paymentech will not be responsible for any liabilities that may result from or relate to any failure or delay caused by Bank of America Paymentech's or the Merchant's email service or otherwise. Bank of America Paymentech recommends that Merchants continue to monitor their statement information regularly.
Learn more about Bank of America Paymentech Solutions, LLC payment processing services at Bank of America.
THIS MESSAGE IS CONFIDENTIAL. This e-mail message and any attachments are proprietary and confidential information intended only for the use of the recipient(s) named above. If you are not the intended recipient, you may not print, distribute, or copy this message or any attachments. If you have received this communication in error, please notify the sender by return e-mail and delete this message and any attachments from your computer. 

Attached is a file called stid 36618-22.zip which in turn contains stid 36618-22.exe which is a variant of Zbot. VirusTotal detections are just 11/47.

Anubis reports what appear to be several peer-to-peer connection attempts plus an attempted download from [donotclick]apsuart.com/741_out.exe that appears to fail. For what they are worth, here are the Comodo CAMAS report, Malwr report and ThreatExpert report.
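
The quoted message carries two signals a mail gateway can check without relying on antivirus verdicts: unexpanded template alternations such as (contact|message|call) left in the body, and a ZIP attachment whose only purpose is to wrap an .exe. The following is an added example, not part of the original post; the function names, the regular expression and the extension list are assumptions, and the sample message is constructed with harmless placeholder bytes in the archive.

```python
import io
import re
import zipfile
from email import message_from_bytes, policy
from email.message import EmailMessage

# Unexpanded template alternation such as "(contact|message|call)".
SPINTAX = re.compile(r"\(([^()|\n]{1,40}(?:\|[^()|\n]{1,40})+)\)")
EXECUTABLE_EXT = (".exe", ".scr", ".pif", ".com")  # assumed blocklist, extend as needed

def inspect_message(raw: bytes) -> dict:
    """Return the spintax groups and executable ZIP members found in a message."""
    msg = message_from_bytes(raw, policy=policy.default)
    findings = {"spintax": [], "zip_executables": []}
    body = msg.get_body(preferencelist=("plain",))
    if body is not None:
        findings["spintax"] = [m.group(0) for m in SPINTAX.finditer(body.get_content())]
    for part in msg.iter_attachments():
        name = (part.get_filename() or "").lower()
        if not name.endswith(".zip"):
            continue
        try:
            with zipfile.ZipFile(io.BytesIO(part.get_payload(decode=True))) as zf:
                members = zf.namelist()  # member names only; nothing is extracted
        except zipfile.BadZipFile:
            continue
        findings["zip_executables"] += [
            (part.get_filename(), m) for m in members if m.lower().endswith(EXECUTABLE_EXT)
        ]
    return findings

def build_sample() -> bytes:
    """Constructed sample: body lines from the post, placeholder bytes inside the ZIP."""
    msg = EmailMessage()
    msg["Subject"] = "Merchant Statement"
    msg.set_content(
        "If you need assistance, please (contact|message|call) your Account Executive.\n"
        "This (email|mail) is sent from an unmonitored email address.\n"
    )
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("stid 36618-22.exe", b"placeholder, not a real executable")
    msg.add_attachment(buf.getvalue(), maintype="application", subtype="zip",
                       filename="stid 36618-22.zip")
    return msg.as_bytes()

if __name__ == "__main__":
    print(inspect_message(build_sample()))
```

Either signal alone is a reasonable quarantine trigger; legitimate statements do not ship raw alternation groups or executables inside archives.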