Sponsored by..

Wednesday 24 September 2014

"You have received a new secure message from BankLine" spam leads to undetected malware

This fake BankLine email leads to malware that is not currently detected by any anti-virus engine:

From:     Bankline [secure.message@bankline.com]
Date:     24 September 2014 09:59
Subject:     You have received a new secure message from BankLine

You have received a secure message.

Read your secure message by following the link bellow:

http://ismashahalam.net/xyzpayohjx/ngkzoeqjjs.html

You will be prompted to open (view) the file or save (download) it to your computer. For best results, save the file first, then open it.

If you have concerns about the validity of this message, please contact the sender directly. For questions please contact the Bankline Bank Secure Email Help Desk at 0131 556 7941.

First time users - will need to register after opening the attachment.
About Email Encryption - https://supportcentre.Bankline.com/app/answers/detail/a_id/1671/kw/secure%20message 
The link in the email goes to ismashahalam.net/xyzpayohjx/ngkzoeqjjs.html which downloads an archive file from ismashahalam.net/xyzpayohjx/SecureMessage.zip. This in turn contains a malicious file SecureMessage.scr which has a VirusTotal detection rate of 0/50.

The Anubis report shows that the malware phones home to very-english.co.uk which is worth blocking or monitoring.

For research purposes only, a copy of the malicious executable can be downloaded from here [zip]. The password is foray307.

No comments: