New trojan variant in emails with subject “DHL Delivery Notification Message”


MX Lab, http://www.mxlab.eu, started to intercept a new trojan distribution campaign by email with the subject "DHL Delivery Notification Message  5SE1M4FDO07A6DKVL" - the combination of letters and numbers may change. The email is send from the spoofed address "DHL Express <noreply@dhl.com>"and has the following body: DHL Express Tracking Notification: Wed, 30 Nov 2011 01:16:39 +0200 … Continue reading New trojan variant in emails with subject “DHL Delivery Notification Message”

Rabobank phishing emails with attachment


MX Lab, http://www.mxlab.eu, intercepted a phishing campaign with the subject "ACCOUNT ACTIVEREN" that targets Rabobank users. The emails are sent from the spoofed emailaddress "Rabobank <service@aupairconnect.com>" and have the following body in Dutch: Amsterdam Code : 007498. Geachte Rabobank. klant, Rabobank is niet in staat om uw rekening te verifieren. Uw rekening moet zo snel … Continue reading Rabobank phishing emails with attachment

Order confirmation by email contains download URL that leads to malware


MX Lab, http://www.mxlab.eu, reported yesterday regarding emails with an embedded URL that leads to malware in messages regarding a new price list. Today, we are intercepting a new variant of this campaign but instead of a price list the content is regarding an order confirmation. The messages are sent in English or in the Dutch … Continue reading Order confirmation by email contains download URL that leads to malware

Email with new price list contains an URL that downloads a trojan


MX Lab, http://www.mxlab.eu, has intercepted a sample of a new trojan that is downloaded through email. The email is send from the spoofed address, comes with the subject "Bericht" and has the following body: Gedwongen wijzigt u de hoogte van de tarieven voor diensten van onze firma, veroorzaakt door de algemene economische situatie en de … Continue reading Email with new price list contains an URL that downloads a trojan

Different versions of ABN AMRO phishing email in circulation


MX Lab, http://www.mxlab.eu, detected different versions of ABN AMRO phishing emails that are in circulation on a daily base targeting Dutch ABN AMRO bank account users. ABN AMRO Systeembeveiliging The first variant, with a very good lay out and style, comes with the subject "ABN AMRO Systeembeveiliging" or "ABN AMRO Systeembeveiling" and is sent from … Continue reading Different versions of ABN AMRO phishing email in circulation

Trojan masked as a FedEx Agent File Form


MX Lab, http://www.mxlab.eu, started to intercept a new trojan distribution campaign by email with the subjects like: FedEx: AGENT FILE FORM, Fri, 18 Nov 2011 08:55:14 +0900 FedEx: New Agent File Form, trackid: DFP0W0G3ETL62005 The email is send from the spoofed address "FedEx Express <noreply@fedex.com>" and has the following body: The FedEx Export AgentFile form … Continue reading Trojan masked as a FedEx Agent File Form

Email with information about an ACH debit transfer created on your behalf leads to malware


MX Lab, http://www.mxlab.eu, started to intercept a new trojan distribution campaign by email with the subjects: ACH debit transfer was hold by Yolo Community Bank ACH payroll payment was not accepted by Central Trust and Savings Bank ACH Transfer was not accepted by Eldorado Bank ACH debit transfer was hold by The Mechanics Bank Funds … Continue reading Email with information about an ACH debit transfer created on your behalf leads to malware