Wednesday 5 February 2014

"Barclays transaction notification" spam

This fake Barclays spam comes with a malicious payload:

Date:      Wed, 5 Feb 2014 03:02:52 -0500 [03:02:52 EST]
From:      Barclays Bank [support@barclays.net]
Subject:      Barclays transaction notification #002601

Transaction is completed. £9685 has been successfully transfered.
If the transaction was made by mistake please contact our customer service.
Receipt of payment is attached.

Barclays is a trading name of Barclays Bank PLC and its subsidiaries. Barclays Bank PLC is authorised by the Prudential Regulation Authority and regulated by the Financial Conduct Authority and the Prudential Regulation Authority (Financial Services Register No. 122702). Registered in England. Registered Number is 1026167 with registered office at 1 Churchill Place, London E14 5HP.

Attached is a file Payment receipt Barclays PA77392733.zip, which in turn contains a malicious executable, Payment receipt Barclays PA77392733.exe, with a surprisingly poor VirusTotal detection rate of just 1/51 (only Sophos detects it). Automated analysis tools are pretty inconclusive about the payload [1] [2] [3], with only the Malwr report having any real detail.
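
With signature detection at 1/51, a structural check at the mail gateway (a ZIP attachment that contains an executable) is the more dependable control for this kind of message. The following is an added example, not part of the original post: the extension list and function names are assumptions, and the sample message is constructed with an inert placeholder instead of the real payload.

```python
import io
import os
import zipfile
from email import message_from_bytes, policy
from email.message import EmailMessage

# Extensions treated as directly runnable on Windows (assumed policy list).
EXECUTABLE_EXTS = {".exe", ".scr", ".pif", ".com", ".bat", ".cmd", ".js", ".vbs"}

def executable_members(zip_bytes):
    """Return the archive members whose extension is on the executable list."""
    with zipfile.ZipFile(io.BytesIO(zip_bytes)) as zf:
        # Windows ignores trailing dots and spaces, so strip them before testing.
        return [n for n in zf.namelist()
                if os.path.splitext(n.rstrip(". "))[1].lower() in EXECUTABLE_EXTS]

def scan_message(raw):
    """Map each ZIP attachment's filename to the executable members inside it."""
    msg = message_from_bytes(raw, policy=policy.default)
    findings = {}
    for part in msg.iter_attachments():
        payload = part.get_payload(decode=True) or b""
        # Trust the content, not the name: ZIP local file headers start PK\x03\x04.
        if payload[:4] != b"PK\x03\x04":
            continue
        try:
            hits = executable_members(payload)
        except zipfile.BadZipFile:
            hits = ["<unreadable archive>"]  # malformed archives are flagged too
        if hits:
            findings[part.get_filename() or "<unnamed>"] = hits
    return findings

def build_sample(member="Payment receipt Barclays PA77392733.exe"):
    """Constructed sample: headers and file names as in the spam, inert content."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr(member, b"inert placeholder bytes")
    msg = EmailMessage()
    msg["From"] = "Barclays Bank <support@barclays.net>"
    msg["Subject"] = "Barclays transaction notification #002601"
    msg.set_content("Receipt of payment is attached.")
    msg.add_attachment(buf.getvalue(), maintype="application", subtype="zip",
                       filename="Payment receipt Barclays PA77392733.zip")
    return msg.as_bytes()

if __name__ == "__main__":
    print(scan_message(build_sample()))
```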