Sanesecurity ClamAV blog: zero hour malware, phishing and scams: You have a new Secure Message "NatWest" {secure.message@natwest.com} malware

Tuesday, 13 January 2015

You have a new Secure Message "NatWest" {secure.message@natwest.com} malware

You have a new Secure Message "NatWest" {secure.message@natwest.com} malware has arrived in the form of a html email, with an attached ZIP file:

Headers:

From: "NatWest" {secure.message@natwest.com}
Subject: You have a new Secure Message

Message body:

You have received a encrypted message from NatWest Customer Support

In order to view the attachment please open it using your email client ( Microsoft Outlook, Mozilla Thunderbird, Lotus )

If you have concerns about the validity of this message, please contact the sender directly. For questions please contact the NatWest Bank Secure Email Help Desk at 0131 556 0993.

Attached is a Zip file:

SecureMessage.pdf.zip

Inside the Zip file, is a Windows Executable trying to pretend it's a PDF file:

SecureMessage.pdf.scr

MD5 Hash:

3f50268f9171bb1c5790954acd942f41

Scanner Reports:

VirusTotal [1] (9/56 hits)
Malwr Report [1]

Cheers,

Steve
Sanesecurity.com

Sanesecurity ClamAV blog: zero hour malware, phishing and scams

Amazon3

Pages

Amazon

Tuesday, 13 January 2015

You have a new Secure Message "NatWest" {secure.message@natwest.com} malware

No comments: