Sponsored by..

Friday 26 September 2014

Malware spam: "HMRC taxes application with reference" / "Important - BT Digital File" / RBS "Outstanding invoice"

Another bunch of spam emails, with the same payload at this earlier spam run.

HMRC taxes application with reference LZV9 0Q3E W5SD N3GV received

From:     noreply@taxreg.hmrc.gov.uk [noreply@taxreg.hmrc.gov.uk]
Date:     26 September 2014 12:26
Subject:     HMRC taxes application with reference LZV9 0Q3E W5SD N3GV received

The application with reference number LZV9 0Q3E W5SD N3GV submitted by you or your agent to register for HM Revenue & Customs (HMRC) taxes has been received and will now be verified. HMRC will contact you if further information is needed.

Please download/view your HMRC documents here: http://motobrothers.com.pl/documents/document26092014-008.php

The original of this email was scanned for viruses by the Government Secure Intranet virus scanning service supplied by Vodafone in partnership with Symantec. (CCTM Certificate Number 2009/09/0052.) On leaving the GSi this email was certified virus free.

Communications via the GSi may be automatically logged, monitored and/or recorded for legal purposes.

Important - BT Digital File


From:     Cory Sylvester [Cory.Sylvester@bt.com]
Date:     26 September 2014 12:51
Subject:     Important - BT Digital File

Dear Customer,

This email contains your BT Digital File. Please scan attached file and reply to this email.

To download your BT Digital File please follow the link below : http://splash.com.my/documents/document26092014-008.php

If you have any questions or forgotten your password, please visit the "Frequently Asked Questions" at www.bt.com/personal/digitalvault/help or call the helpdesk on 0870 240 0346* between 8am and midnight.

Thank you for choosing BT Digital Vault.

Kind regards,
BT Digital Vault Team
footer

*Calls charged up to 8 pence per minute on the BT network (minimum fee 5.5p). Mobile and other network costs may vary. See http://www.bt.com/pricing for details.

Please note that this is an automatically generated email for your information only. We are sorry, but we can not respond to a "Reply" to this address.

This electronic message contains information from British Telecommunications plc, which may be privileged or confidential. The information is intended for use only by the individual(s) or entity named above. If you are not the intended recipient, be aware that any disclosure, copying, distribution or use of the contents of this information is strictly prohibited. If you have received this electronic message in error, please delete this email immediately.

Registered office: 81 Newgate Street London EC1A 7AJ Registered in England no: 1800000

RBS Bankline: Outstanding invoice


From:     Bankline.Administrator@rbs.co.uk [Bankline.Administrator@rbs.co.uk]
To:     redacted.uk
Date:     26 September 2014 13:05
Subject:     Outstanding invoice

   {_BODY_TXT}

Dear [redacted],

Please find the attached copy invoice which is showing as unpaid on our ledger.

To download your invoice please click here

I would be grateful if you could look into this matter and advise on an expected payment date .

Many thanks

Paul Hamilton

Credit Control

Tel: 0845 300 2952
In the sample I looked at the malware page downloaded an archive document26092014-008_pdf.zip which in turn contains document26092014-008_pdf.exe which is the same payload as earlier.

The links I have seen so far in the emails are:

http://motobrothers.com.pl/documents/document26092014-008.php
http://splash.com.my/documents/document26092014-008.php
http://www.firstlcoc.org/documents/document26092014-008.php
http://elblogderosner.com/documents/document26092014-008.php

No comments: