Monday 29 September 2014

Malware spam: "Lloyds Commercial Bank" / "HSBC Bank UK"

Two different banking spams this morning, leading to the same malware.

Lloyds Commercial Bank "Important - Commercial Documents"

From:     Lloyds Commercial Bank [secure@lloydsbank.com]
Date:     29 September 2014 11:03
Subject:     Important - Commercial Documents

Important account documents

Reference: C947
Case number: 18868193
Please review BACs documents.

Click link below, download and open document. (PDF Adobe file)

Please note that the Terms and Conditions available below are the Bank's most recently issued versions. Please bear in mind that earlier versions of these Terms and Conditions may apply to your products, depending on when you signed up to the relevant product or when you were last advised of any changes to your Terms and Conditions. If you have any questions regarding which version of the Terms and Conditions apply to your products, please contact your Relationship Manager. .

Yours faithfully

James Vance
Senior Manager, Lloyds Commercial Banking

Calls may be monitored or recorded in case we need to check we have carried out your instructions correctly and to help improve our quality of service.

Please remember we guarantee the security of messages sent by email.

HSBC Bank UK "Payment Advice Issued"

From:     HSBC Bank UK
Date:     29 September 2014 11:42
Subject:     Payment Advice Issued

Your payment advice is issued at the request of our customer. The advice is for your reference only.

Please download your payment advice at http://sabiacommunications.com/dropbox-documents/document_8641_29092014.php

Yours faithfully,
Global Payments and Cash Management

This is an auto-generated email, please DO NOT REPLY. Any replies to this email will be disregarded.

The link in the email goes through a script and then downloads a file, document_8641_29092014_pdf.scr (this time without a ZIP wrapper), which has a VirusTotal detection rate of just 1/55. The Anubis report shows that the malware attempts to phone home to cuscorock.com, which is probably a good thing to block or monitor.
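One way to act on the block-or-monitor advice above, as an added example that is not from the original post: it scans web proxy log lines for the two domains named in the post and for downloads whose filename poses as a document but ends in an executable extension, as document_8641_29092014_pdf.scr does. The log layout, the sample lines (including files.example.net and the port number) and the function names are assumptions constructed for illustration.

```python
import re
from urllib.parse import urlsplit

# Indicators named in the post above.
C2_DOMAINS = {"cuscorock.com"}
LURE_DOMAINS = {"sabiacommunications.com"}

# Document type in the name, executable extension at the end (e.g. _pdf.scr).
MASQUERADE = re.compile(r"[._-](pdf|docx?|xlsx?)\.(scr|exe|pif)$", re.I)

# Constructed sample lines; assumed layout: time client method url status
SAMPLE_LOG = [
    "2014-09-29T11:05:12Z 10.0.0.21 GET http://sabiacommunications.com/dropbox-documents/document_8641_29092014.php 200",
    "2014-09-29T11:05:14Z 10.0.0.21 GET http://files.example.net/document_8641_29092014_pdf.scr 200",
    "2014-09-29T11:06:40Z 10.0.0.21 CONNECT cuscorock.com:443 200",
    "2014-09-29T11:07:02Z 10.0.0.34 GET http://notcuscorock.com.example.org/ 200",
    "2014-09-29T11:08:30Z 10.0.0.34 GET http://intranet.example/statement.pdf 200",
]

def host_matches(host, domains):
    """Exact or subdomain match, so lookalike hosts do not trigger."""
    host = (host or "").lower().rstrip(".")
    return any(host == d or host.endswith("." + d) for d in domains)

def classify(url):
    """Return the reasons (possibly none) a requested URL is suspicious."""
    # CONNECT lines carry host:port only, so give them an empty scheme.
    parts = urlsplit(url if "://" in url else "//" + url)
    reasons = []
    if host_matches(parts.hostname, C2_DOMAINS):
        reasons.append("c2-domain")
    if host_matches(parts.hostname, LURE_DOMAINS):
        reasons.append("lure-domain")
    if MASQUERADE.search(parts.path.rsplit("/", 1)[-1]):
        reasons.append("masqueraded-executable")
    return reasons

def scan(lines):
    """Return (client, url, reasons) for every flagged request."""
    hits = []
    for line in lines:
        fields = line.split()
        reasons = classify(fields[3]) if len(fields) >= 5 else []
        if reasons:
            hits.append((fields[1], fields[3], reasons))
    return hits

if __name__ == "__main__":
    print(*scan(SAMPLE_LOG), sep="\n")
```

A client that appears under all three reasons in sequence, as 10.0.0.21 does in the sample, has likely clicked the link, fetched the file and run it.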