This fake Barclays spam comes with a malicious payload:
Date: Wed, 5 Feb 2014 03:02:52 -0500 [03:02:52 EST]
From: Barclays Bank [support@barclays.net]
Subject: Barclays transaction notification #002601
Transaction is completed. £9685 has been successfully transfered.
If the transaction was made by mistake please contact our customer service.
Receipt of payment is attached.
Barclays is a trading name of Barclays Bank PLC and its subsidiaries. Barclays Bank PLC is authorised by the Prudential Regulation Authority and regulated by the Financial Conduct Authority and the Prudential Regulation Authority (Financial Services Register No. 122702). Registered in England. Registered Number is 1026167 with registered office at 1 Churchill Place, London E14 5HP.
Attached is a file
Payment receipt Barclays PA77392733.zip which is turn contains a malicious executable
Payment receipt Barclays PA77392733.exe with a surprisingly poor VirusTotal detection rate of just
1/51 (only Sophos detects it). Automated analysis tools are pretty inconclusive about the payload
[1] [2] [3] with only the
Malwr report having any real detail.
No comments:
Post a Comment