Sponsored by..

Wednesday 18 March 2015

Malware spam: "Your online Gateway.gov.uk Submission"

This spam leads to a malicious ZIP file hosted either on Dropbox or Cubby.

From:    Gateway.gov.uk
Date:    18 March 2015 at 13:19
Subject:    Your online Gateway.gov.uk Submission

Electronic Submission Gateway

Thank you for your submission for the Government Gateway.
The Government Gateway is the UK's centralized registration service for e-Government services.

To view/download your form to the Government Gateway please visit http://www.gateway.gov.uk/file/s/gdvzk7toum8ghnc/SecureDocument.zip?dl=1

This is an automatically generated email. Please do not reply as the email address is not
monitored for received mail.

gov.uk - the best place to find government services and information - Opens in new window

The best place to find government services and information
The link leads to an archive file Avis_De_Paiement.zip which in turn contains a malicious binary Avis_De_Paiement.scr which has a VirusTotal detection rate of 16/57. ThreatExpert and Comodo CAMAS report that it downloads components from the following locations:

canabrake.com.mx/css/doc11.rtf
straphael.org.uk/youth2000_files/doc11.rtf


My sources indicate that this most likely phones home to 109.230.131.95 (Vsevnet Ltd. Russia) which is a known bad IP that I recommend blocking. The payload appears to be the Upatre downloader leading to the Dyre banking trojan.

No comments: