
Tuesday 6 May 2014

"Important - BT Digital File" spam

This fake BT spam comes with a malicious attachment:

Date:      Tue, 6 May 2014 15:18:15 +0700 [04:18:15 EDT]
From:      Santiago Biggs [Santiago.Biggs@bt.com]
Subject:      Important - BT Digital File

BT Digital Vault     BT

Dear Customer,

This email contains your BT Digital File. Please scan attached file and reply to this email.

If you have any questions or forgotten your password, please visit the "Frequently Asked Questions" at www.bt.com/personal/digitalvault/help or call the helpdesk on 0870 240 1116* between 8am and midnight.

Thank you for choosing BT Digital Vault.

Kind regards,
BT Digital Vault Team

*Calls charged up to 8 pence per minute on the BT network (minimum fee 5.5p). Mobile and other network costs may vary. See http://www.bt.com/pricing for details.

Please note that this is an automatically generated email for your information only. We are sorry, but we can not respond to a "Reply" to this address.

This electronic message contains information from British Telecommunications plc, which may be privileged or confidential. The information is intended for use only by the individual(s) or entity named above. If you are not the intended recipient, be aware that any disclosure, copying, distribution or use of the contents of this information is strictly prohibited. If you have received this electronic message in error, please delete this email immediately.

Registered office: 81 Newgate Street London EC1A 7AJ Registered in England no: 1800000 

Attached to the message is an archive file, BT_Digital_Vault_File.zip, which in turn contains a malicious executable, BT_Digital_File.scr, which has a VirusTotal detection rate of 11/52.

Automated analysis tools [1] [2] [3] show that this malware downloads additional components from the following locations:

[donotclick]realtech-international.com/css/0605UKdp.rar
[donotclick]biz-ventures.net/scripts/0605UKdp.rar

Blocking those URLs or monitoring for them may help to prevent further infection.
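
One way to monitor for the two download locations listed above, as an added example that is not from the original post: it normalises the published indicators and checks proxy log lines against them, ignoring scheme, port, query string and case. The log layout (time, client, method, URL, status), the client addresses and the weaker "host" match class are assumptions made for illustration.

```python
from urllib.parse import urlsplit

# Indicators exactly as published in the post, still defanged.
PUBLISHED = [
    "[donotclick]realtech-international.com/css/0605UKdp.rar",
    "[donotclick]biz-ventures.net/scripts/0605UKdp.rar",
]

def normalise(url):
    """Reduce a URL to (host, path): no defang marker, scheme, port, query or case."""
    url = url.replace("[donotclick]", "").strip()
    if "://" not in url:
        url = "http://" + url  # lets urlsplit find the host, also for CONNECT host:port
    parts = urlsplit(url)
    return (parts.hostname or "").rstrip("."), parts.path.lower()

IOCS = {normalise(u) for u in PUBLISHED}
IOC_HOSTS = {host for host, _ in IOCS}

def classify(url):
    """'url' = exact published download, 'host' = other traffic to the same host, else None."""
    host, path = normalise(url)
    if (host, path) in IOCS:
        return "url"
    if any(host == h or host.endswith("." + h) for h in IOC_HOSTS):
        return "host"
    return None

def scan(lines):
    """Return (client, match kind) for each log line that touches an indicator."""
    hits = []
    for line in lines:
        fields = line.split()
        if len(fields) >= 4 and (kind := classify(fields[3])):
            hits.append((fields[1], kind))
    return hits

def sample_log():
    """Constructed log lines (assumed layout: time client method url status)."""
    (h1, p1), (h2, p2) = sorted(IOCS)
    return [
        f"2014-05-06T09:21:03 10.0.0.15 GET http://{h1.upper()}{p1}?x=1 200",
        f"2014-05-06T09:21:09 10.0.0.15 GET http://{h2}:80{p2} 200",
        f"2014-05-06T09:22:10 10.0.0.22 CONNECT {h1}:443 200",
        "2014-05-06T09:23:45 10.0.0.31 GET http://www.bt.com/pricing 200",
        f"2014-05-06T09:24:00 10.0.0.31 GET http://example.org{p1} 404",
    ]

if __name__ == "__main__":
    for client, kind in scan(sample_log()):
        print(client, kind)
```

A "url" hit means a client requested one of the published downloads, while a "host" hit only shows contact with the same server and needs a closer look before drawing conclusions.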

