We are currently seeing a large scale malicious spam campaign that claims to be a “Credit Card Overdue” notice. The campaign is originating from one of the Cutwail spambot variants. The theme has no specific credit card brand, possibly because the spammer thought a generic template may entice more victims. The spam message claims the credit card holder has an overdue credit card that needs to be settled in 2 days or else a $25 late fee and finance charge will be imposed.
The malicious application is attached in a zip file disguised as a credit card statement. Extracting the Zip file reveals a Trojan downloader executable file that uses a Adobe PDF icon. When the executable is run it downloads a fake anti-virus executable from the following url:
http://mysteryforyou1[dot]ru/pusk.exe
The fake AV pops up a fake warning.
Fake AV system utility
Spammers are constantly inventing new social engineering themes in an effort to distribute their malware. Targeting credit card holders, especially in this tough economy, is just another theme in their portfolio. The spammers can change their themes over time, and often just recycle old ones. There is enough in this message to cause most people to be suspicious, especially the fact that your credit card company is unlikely to be emailing you in the first place. So, as usual, be wary.
Leave a reply
