MX Lab, http://www.mxlab.eu, started to intercept a new trojan distribution campaign by email with the subject “Your Online Submission for Reference 485/GB3363107 Could not process” stating that a document couldn’t be processed on the Government Gateway website. The Government Gateway is the website used to register for online government services in the United Kingdom.
This email is sent from the spoofed address “email@example.com” and has the following body:
The submission for reference 485/GB3363107 was successfully received and was not processed.
Check attached copy for more information.
This is an automatically generated email. Please do not reply as the email address is not monitored for received mail.
The attached ZIP file has the name GB3363107.zip and contains the 23 kB file GB09122014.exe.
The trojan will create a new process on the computer: erdou.exe.
At the time of writing, 0 of the 54 AV engines at Virus Total detected the trojan, so be very careful when receiving such an email.
Use the Virus Total permalink for more detailed information.
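With signature detection at 0 of 54, a mail gateway can still flag this campaign by structure: a ZIP attachment that contains an executable. The following Python sketch is an added example, not MX Lab's code; the function names, the extension list, the recipient address and the sample message (which carries only placeholder bytes) are constructed for illustration.

```python
import io
import zipfile
from email import message_from_bytes, policy
from email.message import EmailMessage

EXECUTABLE_EXTENSIONS = (".exe", ".scr", ".pif", ".com")  # assumed blocklist

def executables_in_zip_attachments(raw_message: bytes):
    """Return (attachment, member, reasons) for suspicious members of ZIP attachments."""
    findings = []
    msg = message_from_bytes(raw_message, policy=policy.default)
    for part in msg.iter_attachments():
        payload = part.get_payload(decode=True) or b""
        if not zipfile.is_zipfile(io.BytesIO(payload)):
            continue
        with zipfile.ZipFile(io.BytesIO(payload)) as archive:
            for info in archive.infolist():
                if info.is_dir():
                    continue
                reasons = []
                if info.filename.lower().endswith(EXECUTABLE_EXTENSIONS):
                    reasons.append("extension")
                try:
                    with archive.open(info) as member:
                        if member.read(2) == b"MZ":  # DOS/PE magic, catches renamed files
                            reasons.append("MZ header")
                except (RuntimeError, NotImplementedError, zipfile.BadZipFile):
                    reasons.append("unreadable member")  # e.g. password-protected
                if reasons:
                    findings.append((part.get_filename(), info.filename, reasons))
    return findings

def build_sample(member_name: str, member_data: bytes) -> bytes:
    """Constructed test message modelled on the campaign; carries no real payload."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as archive:
        archive.writestr(member_name, member_data)
    msg = EmailMessage()
    msg["Subject"] = "Your Online Submission for Reference 485/GB3363107 Could not process"
    msg["From"] = "email@example.com"
    msg["To"] = "recipient@example.org"  # constructed address
    msg.set_content("Check attached copy for more information.")
    msg.add_attachment(buf.getvalue(), maintype="application",
                       subtype="zip", filename="GB3363107.zip")
    return msg.as_bytes()

if __name__ == "__main__":
    for hit in executables_in_zip_attachments(build_sample("GB09122014.exe", b"MZ" + bytes(16))):
        print(hit)
```

The header check matters because an attacker can rename the member; the extension check alone would miss an executable saved under a document-style name.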