Websense Security Labs™ and the Websense ThreatSeeker® Network have detected malicious emails disguised as HSBC Notifications. A closer look at these emails, like the one you can see below, reveals that the link provided in the emails is a compromised URL belonging to the Philippine Bureau of Immigration.
Clicking the link prompts the user to download a malicious file called "atualizar.exe". You can find the VirusTotal analysis results for this .exe here.
Websense Email Security and Websense Web Security protect against these kinds of blended threats with ACE, our Advanced Classification Engine.
Leave a reply