Unsolicited E-mails with Malicious Attachment Disguise as Bitstamp Exchange Facilitator

Spam mails asserting that they're from the renowned exchange facilitator Bitstamp notify Internauts that there has been a modification of information pertaining to their bank accounts by the digital currency dealer while a file is attached providing further details.

A spoofed address of the e-mail sender making the message look as being dispatched automatically via Bitstamp's alert service along with one signature from Nejc Kodric, CEO of Bitstamp is likely to give tremendous problem to users in actually recognizing the fraud.

Additional efforts towards crafting the text deter suspicion, which indicates use of skilled social engineering in the campaign.

And though the notification tells about bank account modification added with an attachment for extra information, customers are still told their original A/C continues to remain and that transactions would be accepted through it.

For giving the e-mail a legitimate appearance, there's even citing of SEPA transfers within the message, telling the recipient once more the transfers typically cover 3 work-days for completion.

ThreatTrack the security company intercepted a sample e-mail, examined it and found that its attached file served Upatre a widely-known Trojan installer. Upatre installed the banker Trojan 'Dyre' onto affected PCs. Dyre was first uncovered during June 2014. At that time, security firms cautioned about the ZeuS takedown that discovered certain method for evading Web encryption called SSL (secure sockets layer).

Another security company which intercepted the spam is MX Labs.

Both ThreatTrack and MX Labs report that the attached file, a zipped archive, is labeled bankdetails.zip as well as that it carries one 24kb sized big file named details.scr.

Moreover, MX Labs notes that Trojan Dyre is as well called Troj.W32.Gen, which's one sample of Mal/Generic-S, HEUR/QVM20.1.Malware.Gen or Win32/Kryptik.COEK.

Disturbingly, just 4 AV engines from Virus Total's 53 anti-viruses could spot the Trojan. As per MX Labs, it has caught a few more e-mails that don't contain the malevolent .zip attachment, however, warns these too could be harmful.

Like always, Internauts shouldn't view attachments within uninvited e-mails. Nonetheless, incase they've already done so then it's advised they run a system scan using an up-to-date as also recent edition of one high-quality AV program.

» SPAMfighter News - 11/10/2014