Barracuda Engineer and Research Scientist Luis Chapetti (@cudasecurity) is warning us of a new phishing attack that he discovered on Friday afternoon. The email impersonates an official secure message from Bank of America Merrill Lynch.

dl.dropboxusercontent.com /s/xn26h1fppik5np6/SecureMessage.zip?dl=1&token_hash=AAFeZ7ZaTMGCK_zbZfiraxwiTEBsq8rwQ7TF5l5lGEn9rg&expiry=1400258860
This initiates a download of the “SecureMessage.zip” file, which contains Spyware/Win32.Zbot. This trojan takes the following actions on the user's computer:
- Starts servers listening on 0.0.0.0:6710 and 0.0.0.0:6506
- Performs an HTTP GET of malkanat.com/images/Targ-1605USdp.tar
- Collects MachineGuid, DigitalProductID, and SystemBiosDate
- Steals private information, such as login data, that is transmitted through browsers
- Installs itself for autorun at Windows startup
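
As an added example (not part of the original post and not Barracuda's own tooling), the following Python checks `netstat -ano` output and proxy log lines for the two listener ports and the HTTP GET listed above. The sample data is constructed, and the proxy log format (client, method, URL), PIDs and client addresses are assumptions.

```python
from urllib.parse import urlsplit

# Indicators taken from the behaviour list above.
ZBOT_PORTS = {6710, 6506}
ZBOT_HOST = "malkanat.com"
ZBOT_PATH = "/images/Targ-1605USdp.tar"

# Constructed sample of `netstat -ano` output (PIDs and unrelated rows are invented).
NETSTAT_SAMPLE = """\
  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       892
  TCP    0.0.0.0:6710           0.0.0.0:0              LISTENING       3140
  TCP    0.0.0.0:6506           0.0.0.0:0              LISTENING       3140
  TCP    192.168.1.20:49512     203.0.113.7:443        ESTABLISHED     2210
"""

# Constructed proxy log lines in an assumed "client method URL" format.
PROXY_SAMPLE = """\
192.168.1.20 GET http://malkanat.com/images/Targ-1605USdp.tar
192.168.1.31 GET http://example.com/images/logo.png
192.168.1.20 GET http://MALKANAT.com/images/Targ-1605USdp.tar?x=1
"""

def suspicious_listeners(netstat_text):
    """Return sorted (port, pid) pairs for wildcard TCP listeners on the listed ports."""
    hits = set()
    for line in netstat_text.splitlines():
        f = line.split()
        if len(f) == 5 and f[0] == "TCP" and f[3] == "LISTENING":
            addr, _, port = f[1].rpartition(":")
            if addr == "0.0.0.0" and port.isdigit() and int(port) in ZBOT_PORTS:
                hits.add((int(port), int(f[4])))
    return sorted(hits)

def clients_fetching_payload(proxy_text):
    """Return sorted client addresses that requested the listed .tar URL."""
    clients = set()
    for line in proxy_text.splitlines():
        f = line.split()
        if len(f) != 3 or f[1] != "GET":
            continue
        url = urlsplit(f[2] if "://" in f[2] else "http://" + f[2])
        # urlsplit lower-cases the hostname, so case variants still match.
        if url.hostname == ZBOT_HOST and url.path == ZBOT_PATH:
            clients.add(f[0])
    return sorted(clients)

if __name__ == "__main__":
    print("listeners:", suspicious_listeners(NETSTAT_SAMPLE))
    print("clients:", clients_fetching_payload(PROXY_SAMPLE))
```

A match on both listener ports under one PID, together with the GET from the same machine, is a stronger signal than either indicator alone.
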
This message is similar to other “secure message” emails that we have seen in the past year, in that it shares these characteristics:
- The “secure message” attachment is an executable or a zip file
- The user is directed to open the attachment with a web browser
- It directs the user to a Dropbox link which contains the malware
This phishing attack has been used against customers of other banks as well. Citibank, Key Bank, HSBC, and NatWest have all been impersonated for this type of attack.
If you suspect that you have received one of these emails, you can report it to US-CERT and APWG.
Customers running the Barracuda Spam Firewall or Barracuda Web Filter with the latest security definitions are protected from this attack.
Christine Barry is Chief Blogger and Social Media Manager at Barracuda. Her work consists of writing engaging articles related to Barracuda services and facilitating communication between the public and internal teams. Before joining Barracuda, Christine was a field engineer and project manager in education and for SMBs for more than 15 years. She holds several technology degrees, a bachelor's degree from the University of Michigan, and a Master of Business Administration.