This fake Bank of America message has a malicious Word document attached:
Date: Tue, 14 May 2013 10:16:05 +0500 [01:16:05 EDT]
Subject: Your transaction is completed
Transaction is completed. $51317477 has been successfully transferred.
If the transaction was made by mistake please contact our customer service.
Receipt of payment is attached.
*** This is an automatically generated email, please do not reply ***
Bank of America, N.A. Member FDIC. Equal Housing Lender Opens in new window
C 2013 Bank of America Corporation. All rights reserved
The attached document is RECEIPT428-586.doc which contains a CVE-2012-0158 / MS12-027 exploit, so a fully patched Windows system should be immune. Further analysis is pending, but the payload is likely to be P2P / Gameover Zeus as found in this attack. VirusTotal detections stand at just 11/46. Further analysis is pending.
Leave a reply