Tuesday, 16 December 2014

cab file malware: Banking account Notification

 A huge amount of fake banking malware it hitting here... this time using .CAB (Microsoft Cabinet) archives,
inside of which contains a .SCR file:


Date: Tue, 16 Dec 2014 14:07:03 +0100
From: "Barbar Wheelus"
To: itsupport@newburydata.co.uk
Subject: Notice #J-19584HA-60644

===========================================
This is an automatically generated email. Please do not reply as the email address is not monitored for received mail.
===========================================

Notification Number: 5317568
Mandate Number: 1601102
Date: December 16, 2014. 01:42pm

In an effort to protect your Banking account, we have frozen your account until such time that it can be safely restored by you. Please view attached file "J-19584HA-60644.cab" for details.

Regards,
Barbar Wheelus
+07805 544772


There seems to be quite a few varients at the moment...

However one version scanned with VirusTotal shows it's Kryptik.CCQZ :(

These are being blocked by...

Sanesecurity.Malware.24664
Sanesecurity.Malware.24665.ExeHeur

1 comment:

Anonymous said...

I also have this:
===========================================
This is an automatically generated email. Please do not reply as the email address is not monitored for received mail.
===========================================

Notification Number: 5526562
Mandate Number: 8684942
Date: December 16, 2014. 01:22pm

In an effort to protect your Banking account, we have frozen your account until such time that it can be safely restored by you. Please view attached file "........cab" for details.

Best wishes,
Coralie Kokoszka
+07437-184412