This fake SendSecure Support / Bank of America spam comes with a malicious attachment called secure_message_02202013_01590106757637303.zip:
Date: Wed, 20 Feb 2013 11:23:43 -0400 [10:23:43 EST]
From: SendSecure Support [[email protected]]
Subject: You have received a secure message from Bank Of America
You have received a secure message.
Read your secure message by opening the attachment. You will be prompted to open (view) the file or save (download) it to your computer. For best results, save the file first, then open it.
If you have concerns about the validity of this message, please contact the sender directly.
First time users – will need to register after opening the attachment.
Help – https://securemail.bankofamerica.com/websafe/help?topic=Envelope

The zip file secure_message_02202013_01590106757637303.zip unzips into secure_message_02202013_01590106757637303.exe with a VirusTotal detection rate of 6/46. According to ThreatExpert, the malware installs a keylogger and also tries to phone home to:
These sites are hosted on 18.104.22.168 which I posted about yesterday. Blocking access to this IP might mitigate this particular threat somewhat.
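A mail-gateway check for the delivery pattern described above (a zip attachment whose only payload is an executable with the same name as the archive), as an added example that is not part of the original post. The function names, the extension list and the sender address are assumptions, and the sample message is constructed with placeholder bytes rather than the real malware.

```python
import io
import zipfile
from email import message_from_bytes, policy
from email.message import EmailMessage
from pathlib import PurePosixPath

# Extensions Windows will run directly when double-clicked (assumed list).
EXECUTABLE_EXTS = {".exe", ".scr", ".com", ".pif", ".bat", ".cmd", ".js", ".vbs"}


def scan_message(raw: bytes) -> list[dict]:
    """Return one finding per executable found inside a zip attachment."""
    msg = message_from_bytes(raw, policy=policy.default)
    findings = []
    for part in msg.iter_attachments():
        name = part.get_filename() or ""
        data = part.get_payload(decode=True) or b""
        # Trust the content, not the file name: require a real zip structure.
        if not zipfile.is_zipfile(io.BytesIO(data)):
            continue
        with zipfile.ZipFile(io.BytesIO(data)) as zf:
            for member in zf.namelist():
                path = PurePosixPath(member)
                if path.suffix.lower() in EXECUTABLE_EXTS:
                    findings.append({
                        "attachment": name,
                        "member": member,
                        # Same stem as the archive: the lure seen in this spam run.
                        "stem_matches_archive": path.stem == PurePosixPath(name).stem,
                    })
    return findings


def build_sample() -> bytes:
    """Constructed test message: harmless placeholder bytes, not the real sample."""
    stem = "secure_message_02202013_01590106757637303"
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr(stem + ".exe", b"placeholder, not an executable")
    msg = EmailMessage()
    msg["From"] = "SendSecure Support <sender@example.invalid>"  # constructed address
    msg["Subject"] = "You have received a secure message from Bank Of America"
    msg.set_content("Read your secure message by opening the attachment.")
    msg.add_attachment(buf.getvalue(), maintype="application", subtype="zip",
                       filename=stem + ".zip")
    return msg.as_bytes()


if __name__ == "__main__":
    print(scan_message(build_sample()))
```

A gateway would typically quarantine any message for which `scan_message` returns a finding, since legitimate secure-mail services do not deliver executables inside archives.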