Message Header: Thank you for your payment nycserv@finance.nyc.gov with zip attachment.
From: {nycserv@finance.nyc.gov}
Subject: Thank you for your payment
Message Body:
This is confirmation that your payment on Wed, 18 Feb 2015 16:31:02 +0000 for USD 7900.00 has been accepted by the NYC Department of Finance. Your Credit Card statement will show an entry from Parking Fines NYCGOV. Please read the attachment and save it in case you have any questions about the items that you have paid.
Name: sol chaimovits
Payment Date: Wed, 18 Feb 2015 16:31:02 +0000
Receipt Number: WWW81733157
Payment Amount: USD 7900.00
Credit Card: Visa
Account ending in: 3501
Your payment was for the following items:
Agency                         Item                 Amount
------------------------------ -------------------- ---------------
PVO                            1160025162           USD 3000.00
PVO                            7247746580           USD 4500.00
DOF                            Convenience Fee      USD 400.00
Thank you for using New York City's website to process your payment.
Please do not reply to this email. You may contact us by visiting
http://nycserv.nyc.gov/NYCServWeb/ContactUs.html if you have questions
or need further assistance.
Attachment filename: attachment.zip
Inside the Zip file is a Windows Executable:
attachment.exe
MD5 Hashes:
5c28d3aeabf4685d3652c8864c02c08d [1] (Zip)
31aae58c4eb6a0c7fe213322a8acd7fc [2] (Exe)
Malware information:
VirusTotal Report [1] (hits 6/57 Virus Scanners) (Zip)
VirusTotal Report [2] (hits 6/57 Virus Scanners) (Exe)
Malwr Report [2] (exe)
Hybrid Analysis Report [2] (exe) Detailed Technical Report
Description:
The malware in the zip is Dyre, a Zeus-like banking Trojan that tries to capture as much information about your online banking details as possible.
It's also being used to then send out the same malware to everyone else by using your own copy of Outlook and your bandwidth... and basically being a costly pain in the rear.
Cheers,
Steve
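An added example (not from the original post): the kind of check a mail gateway or triage script could run on an attachment like this one. It opens the zip, flags members that are executables by name or by their MZ header, handles password-protected and oversized members, and compares the MD5 of the zip and of every member against the two hashes listed above. The sample zip it builds is constructed and holds no real malware.

```python
import hashlib
import io
import zipfile

# MD5 IoCs quoted in the post above: the zip and the attachment.exe inside it.
KNOWN_BAD_MD5 = {
    "5c28d3aeabf4685d3652c8864c02c08d": "Dyre dropper zip",
    "31aae58c4eb6a0c7fe213322a8acd7fc": "Dyre attachment.exe",
}
EXEC_EXTENSIONS = (".exe", ".scr", ".com", ".pif", ".bat", ".cmd", ".js", ".vbs")
MAX_MEMBER_BYTES = 50 * 1024 * 1024  # do not inflate anything larger (zip bombs)


def inspect_zip_attachment(data: bytes) -> dict:
    """Hash a zip attachment, look inside it, and list the reasons to quarantine it."""
    hashes = [hashlib.md5(data).hexdigest()]  # the zip itself, then every member
    report = {"zip_md5": hashes[0], "executables": [], "reasons": []}
    try:
        with zipfile.ZipFile(io.BytesIO(data)) as zf:
            for info in zf.infolist():
                name = info.filename
                if info.file_size > MAX_MEMBER_BYTES:
                    report["reasons"].append(f"{name}: too large to inspect")
                    continue
                try:
                    member = zf.read(info)
                except RuntimeError:  # encrypted member: unscannable, so suspicious
                    report["reasons"].append(f"{name}: password-protected member")
                    continue
                hashes.append(hashlib.md5(member).hexdigest())
                # Flag by content (DOS/PE 'MZ' header) as well as by name, so a
                # renamed binary or a double extension like receipt.pdf.exe is caught.
                if member[:2] == b"MZ" or name.lower().endswith(EXEC_EXTENSIONS):
                    report["executables"].append(name)
    except zipfile.BadZipFile:
        report["reasons"].append("attachment is not a valid zip")
    report["ioc_hits"] = [KNOWN_BAD_MD5[h] for h in hashes if h in KNOWN_BAD_MD5]
    if report["executables"]:
        report["reasons"].append("zip contains executable content")
    if report["ioc_hits"]:
        report["reasons"].append("hash matches a known Dyre sample")
    return report


def build_sample() -> bytes:
    """Constructed stand-in for the phishing zip: made-up bytes, not the malware."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("attachment.exe", b"MZ" + b"\x00" * 62 + b"constructed, not a real PE")
    return buf.getvalue()
```

Running `inspect_zip_attachment(build_sample())` reports the member as executable content; a real sample would additionally show the IoC hit.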
59 comments:
Just got this email through. Keep getting spam emails containing viruses and I'm not sure how they got my email address?
I just got this one, too.
Just received this exact email!!!
Hopefully everybody researches and finds this report before opening it.
Thank you for confirming this. I had the same email; it looked bogus but believable. I knew enough not to click it.
I got this exact email today.....
Just received this email at 12:21 ET 2/18/15.
I just got this email. Thanks to this blog, I deleted it immediately! Thank you!
Got this three times today. Exactly as shown. Blacklisted it in my spam filter.
Totally got this exact email, virus for sure
Received this just now, in the UK...
Me too I live in Canada
Never been to NY and live in Canada? But got this too!
I just received this email, as well. I don't live in NYC, and I've never driven in NYC, so I didn't download anything.
Me too.. damn spammers
Got 2 exact same emails in New Zealand
I got it too. Glad I checked!
I got it too. I have a credit card that happens to have those last 4 numbers too so I checked. Glad I did.
Just got this as well on company email (based in CA)
I got this today too and deleted it immediately
Me too, the stress caused non-stop flatulence for nearly 48 hours so I called the police. Thanks
We have got this, too. From Hawaii :) NYC seems far far away.
Thanks for the site!!! I have never driven in NY. I had started to think it was identity theft, what a scare!! Watch out for another one: zona/jobs
I got this on my work e-mail. I wonder if this could be part of the cyber attack on Anthem BCBS.
Just got same e-mail..... police said they were busy with some guy who had flatulence ... did not click on it :))
Called NYC Finance and they said they are aware of it and those emails were sent in error :-( The amount could be for 7,900 or 4,500 and a lot of aggravation!!
Yep.. just received it too.. Wonder how many fall for it?
Thanks for the blog. Received email also.
Got it too...PA
Don't think it was sent in error if it contains a virus. Especially since the originating IP is in Mexico.
I just got this too, thankfully didn't open it. Thanks for the blog
Hi all, just got this email too. What should I do?
Thanks all.
Just received it as well. I wish my antivirus would peek inside of zipped attachments.
The $400 line item is quite a hefty "convenience fee" for online NYC parking ticket payments. I wonder if that's what they really do charge...
Joke's on them - I don't have a credit card. Or $7900 in the bank.
Just got this too and I'm in New Zealand not New York
I got this email this morning too. I'm in Australia and have never been to New York
Got the exact email dated Thu 2/19/2015 3:12 AM. Deleted straight away... Papua New Guinea
Got this one this am Thu 2/19/2015 3:12 AM..
Got it in Hong Kong.
What happens if you open the attachment on a Mac? Still gets infected?
Israelis...criminals from Israel, associated with banking cartels.
I got the same email. Checked all my credit card numbers first, no match. Then researched. I am in Texas. I went to NY 20 years ago and didn't drive a car. Thought something was fishy. Thanks for the info.
I suspected it as soon as I saw there was a .zip attached... But I checked my card online right away since all the hacking that's taking place.
What the hell. I thought I'd been had. UK
Just got this e-mail too, in Thailand. Thanks to this blog.
I got this email this morning too, 12:35am. I'm in Malaysia and have never been to New York
Received this just now, in Spain
I just got the same message but didn't open the zip, and I live in Belgium
Never been to NYC and live in London, UK. Received one of these this morning and just laughed.
Received via finance sector within educational environment in UK.
Why would NYC lie that mails are sent in error? Maybe it should admit that the system was hacked or there is spam going on.
Just received this exact email too on a business email, glad I read this
I received this yesterday and immediately burst into tears, and have since cried all the water out my body. I can't move now, just a dry, wrinkly skin-heap on the floor. Where is justice in the world? Cheers
Same email, in Belgium :D
Thanks I received the same mail here in the UK and so deleted the message and did not open the attachment due to checking the information you have here
Just received this in Birmingham, England, and before opening it did a Google search which came up with this site. Obviously deleted e-mail without opening it, hopefully before any harm was done. Thanks for the advice.
I got this email too :)
Just received same email and ignored.
Oh my god - is this for real - thank you just got this exact same email!