Attached to the emails below is a ZIP file Copy_10292013.zip, which contains an executable file Copy_10292013.exe that is (of course) malicious. Note that the date is encoded into the filenames, so future versions of this will vary.

Date: Tue, 29 Oct 2013 22:34:50 +0800 [10:34:50 EDT]
From: Wells Fargo [Emilio.Hendrix@wellsfargo.com]
Subject: FW: Check copy
We had problems processing your latest check, attached is a image copy.
Emilio Hendrix
Wells Fargo Check Processing Services
817-576-4067 office
817-192-2390 cell
Emilio.Hendrix@wellsfargo.com
Wells Fargo Check Processing Services. 1 North Jefferson, St. Louis, MO 63103
CONFIDENTIAL NOTICE: The contents of this message, including any attachments, are
confidential and are intended solely for the use of the person or entity to whom the
message was addressed. If you are not the intended recipient of this message, please be
advised that any dissemination, distribution, or use of the contents of this message is
strictly prohibited. If you received this message in error, please notify the sender.
Please also permanently delete all copies of the original message and any attached
documentation. Thank you.
--------------------
Date: Tue, 29 Oct 2013 14:41:46 +0000 [10:41:46 EDT]
From: Wells Fargo [Leroy.Dale@wellsfargo.com]
Subject: FW: Check copy
We had problems processing your latest check, attached is a image copy.
Leroy Dale
Wells Fargo Check Processing Services
817-480-3826 office
817-710-4624 cell
Leroy.Dale@wellsfargo.com
Wells Fargo Check Processing Services. 1 North Jefferson, St. Louis, MO 63103
CONFIDENTIAL NOTICE: The contents of this message, including any attachments, are
confidential and are intended solely for the use of the person or entity to whom the
message was addressed. If you are not the intended recipient of this message, please be
advised that any dissemination, distribution, or use of the contents of this message is
strictly prohibited. If you received this message in error, please notify the sender.
Please also permanently delete all copies of the original message and any attached
documentation. Thank you.
The VirusTotal detection rate is just 3/47. Automated analysis [1] [2] shows an attempted connection to allisontravels.com on 69.26.171.181 (Xeex Communications, US) which appears to be the only site currently on this server. I would recommend blocking one or both of these.
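Because the attachment name changes with the date, a gateway rule keyed on the literal filename will miss later runs. The following is an added example, not code from the original post: it flags any ZIP attachment that contains an executable and records whether the attachment name embeds the message's send date. The extension list, the regex and the function names are assumptions made for illustration, and the sample message is constructed with harmless placeholder bytes.

```python
import email, io, re, zipfile
from email.message import EmailMessage
from email.utils import parsedate_to_datetime

# Extensions Windows runs directly (assumed, non-exhaustive list for this example).
EXECUTABLE_EXT = (".exe", ".scr", ".pif", ".com")
# <word>_<MMDDYYYY>.zip, the naming seen in Copy_10292013.zip and Image_10292013.zip.
DATED_ZIP = re.compile(r"^[A-Za-z]+_(\d{2})(\d{2})(\d{4})\.zip$", re.I)

def inspect_message(raw):
    """Return one finding per ZIP attachment that contains an executable."""
    msg = email.message_from_bytes(raw)
    sent = parsedate_to_datetime(msg["Date"]).date() if msg["Date"] else None
    findings = []
    for part in msg.walk():
        name = part.get_filename()
        if not name or not name.lower().endswith(".zip"):
            continue
        try:
            with zipfile.ZipFile(io.BytesIO(part.get_payload(decode=True))) as zf:
                members = zf.namelist()
        except zipfile.BadZipFile:
            continue  # not a readable archive; leave it to other filters
        exes = [m for m in members if m.lower().endswith(EXECUTABLE_EXT)]
        if not exes:
            continue
        m = DATED_ZIP.match(name)
        # Compare the MMDDYYYY in the name with the date in the Date header.
        dated = bool(m and sent and (int(m[1]), int(m[2]), int(m[3]))
                     == (sent.month, sent.day, sent.year))
        findings.append({"attachment": name, "executables": exes,
                         "name_has_send_date": dated})
    return findings

def build_sample(zip_name, member, date_header):
    """Constructed test message; placeholder bytes stand in for the payload."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr(member, b"placeholder, not a real executable")
    msg = EmailMessage()
    msg["Date"], msg["Subject"] = date_header, "FW: Check copy"
    msg.set_content("We had problems processing your latest check.")
    msg.add_attachment(buf.getvalue(), maintype="application",
                       subtype="zip", filename=zip_name)
    return msg.as_bytes()

if __name__ == "__main__":
    hdr = "Tue, 29 Oct 2013 22:34:50 +0800"
    print(inspect_message(build_sample("Copy_10292013.zip", "Copy_10292013.exe", hdr)))
```

The executable-in-ZIP test is the blocking condition; the date match is a secondary signal that ties a message to this naming scheme even when the word before the underscore changes.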
3 comments:
Got this one too this morning.
Attached: Image_10292013.zip 12kb
We had problems processing your latest check, attached is a image copy.
Enrique Goodwin
Wells Fargo Check Processing Services
817-335-3990 office
817-782-2864 cell
Enrique.Goodwin@wellsfargo.com
Wells Fargo Check Processing Services. 1 North Jefferson, St. Louis, MO 63103
CONFIDENTIAL NOTICE: The contents of this message, including any attachments, are confidential and are intended solely for the use of the person or entity to whom the message was addressed. If you are not the intended recipient of this message, please be advised that any dissemination, distribution, or use of the contents of this message is strictly prohibited. If you received this message in error, please notify the sender. Please also permanently delete all copies of the original message and any attached documentation. Thank you.
Got one a few minutes ago. Almost fooled by it. Thanks for posting this warning!
I opened it. How do I seek and destroy?