Tuesday, 13 January 2015

Notice of payment - payment_notice - National Bank of Canada - malware

Notice of payment - payment_notice - National Bank of Canada - malware is now arriving in the form of an HTML email with an attached ZIP file.

Headers:
Date: Wed, 14 Jan 2015 01:23:27 +0700
From: "sac.sbi@sibn.bnc.ca" {sac.sbi@sibn.bnc.ca}
Subject: Notice of payment
Message body:

You can view and print the notice of payment using the Netscape or Microsoft
Explorer browsers, versions 6.2 and 5.5.  You can export and store the
notice of payment data in your spreadsheet by choosing the attached file in
pdf format ".pdf".

If you have received this document by mistake, please advise us immediately
and return it to us at the following E-mail address:  "sac.sbi@sibn.bnc.ca".
Thank you.

National Bank of Canada
600 de La Gauchetire West, 13th Floor
Montreal, Quebec H3B 4L2


CP066684
CPI080000004345

CONFIDENTIALITÉ : Ce document est destiné uniquement à la personne ou à
l'entité à qui il est adressé.
L'information apparaissant dans ce document est de nature légalement
privilégiée et confidentielle. Si vous n'êtes pas le destinataire visé ou la
personne chargée de le remettre à son destinataire, vous êtes, par la
présente, avisé que toute lecture, usage, copie ou communication du contenu
de ce document est strictement interdit. De plus, vous êtes prié de
communiquer avec l'expéditeur sans délai ou d'écrire à
confidentialite@bnc.ca et de détruire ce document immédiatement.

CONFIDENTIALITY: This document is intended solely for the individual or
entity to whom it is addressed. The information contained in this document
is legally privileged and confidential. If you are not the intended
recipient or the person responsible for delivering it to the intended
recipient, you are hereby advised that you are strictly prohibited from
reading, using, copying or disseminating the contents of this document.
Please inform the sender immediately or write to confidentiality@nbc.ca and
delete this document immediately.

Attached to the email is a ZIP file:

payment_notice.pdf.zip

On the Windows machine, inside the ZIP, is a Windows executable (note the dual extension):
payment_notice.pdf.scr

MD5 hash:
ad24f44fb0e99274dbb79cf9196e0ff5
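
A mail-gateway style check for the dual-extension trick described above, as an added example that is not part of the original post: it flags ZIP members named like payment_notice.pdf.scr and reports their MD5. The extension lists and function names are assumptions, and the sample archive is constructed with harmless placeholder bytes.

```python
import hashlib
import io
import zipfile

# Extensions Windows runs directly (assumed, non-exhaustive list).
EXECUTABLE_EXTS = {"scr", "exe", "com", "pif", "bat", "cmd", "js", "vbs"}
# Extensions a recipient expects to be a harmless document (assumed list).
DECOY_EXTS = {"pdf", "doc", "docx", "xls", "xlsx", "txt", "jpg", "png"}


def scan_zip_attachment(data: bytes):
    """Return one finding per archive member whose name ends in
    <decoy extension>.<executable extension>, e.g. 'x.pdf.scr'."""
    findings = []
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        for info in zf.infolist():
            if info.is_dir():
                continue
            # Look only at the file name, not at any folder path in the archive.
            base = info.filename.replace("\\", "/").rsplit("/", 1)[-1]
            # Strip padding spaces so 'x.pdf   .scr' is treated like 'x.pdf.scr'.
            parts = [p.strip().lower() for p in base.split(".")]
            if (len(parts) >= 3 and parts[-1] in EXECUTABLE_EXTS
                    and parts[-2] in DECOY_EXTS):
                findings.append({
                    "member": info.filename,
                    "decoy": parts[-2],
                    "real": parts[-1],
                    # MD5 to match the hash type published in the post.
                    "md5": hashlib.md5(zf.read(info)).hexdigest(),
                })
    return findings


def build_sample_zip() -> bytes:
    """Constructed sample: harmless placeholder bytes, file name from the post."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("payment_notice.pdf.scr", b"constructed placeholder, not malware")
        zf.writestr("readme.txt", b"benign member")
        zf.writestr("report.v2.pdf", b"benign member with two dots")
    return buf.getvalue()


if __name__ == "__main__":
    for f in scan_zip_attachment(build_sample_zip()):
        print(f"{f['member']}: shown as .{f['decoy']}, runs as .{f['real']}, md5={f['md5']}")
```
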

Malware Information:

VirusTotal Report [1] (hits 14/57 Virus Scanners)

Malwr Report [1]

Summary:




Installs itself for autorun at Windows startup

Cheers,

Steve
Sanesecurity.com
