Tuesday, 13 January 2015

You have a new Secure Message "NatWest" {secure.message@natwest.com} malware

You have a new Secure Message "NatWest" {secure.message@natwest.com} malware has arrived in the form of a html email, with an attached ZIP file:

Headers:
From: "NatWest" {secure.message@natwest.com}
Subject: You have a new Secure Message
Message body:

You have received a encrypted message from NatWest Customer Support

In order to view the attachment please open it using your email client ( Microsoft Outlook, Mozilla Thunderbird, Lotus )

If you have concerns about the validity of this message, please contact the sender directly. For questions please contact the NatWest Bank Secure Email Help Desk at 0131 556 0993.

Attached is a Zip file:
SecureMessage.pdf.zip
Inside the Zip file, is a Windows Executable trying to pretend it's a PDF file:
SecureMessage.pdf.scr

MD5 Hash:

3f50268f9171bb1c5790954acd942f41
Scanner Reports:

VirusTotal [1] (9/56 hits)
Malwr Report [1]


Cheers,

Steve
Sanesecurity.com

No comments: