Fake Fidelity email “401k June 2014 Fund Performance and Participant Communication” contains trojan


MX Lab, http://www.mxlab.eu, started to intercept a new trojan distribution campaign by email with the subject “401k June 2014 Fund Performance and Participant Communication” regarding a Fidelity fund performance report.

This email is sent from the spoofed address “Cora Mccracken <CoraMccracken@fidelity.com>” and has the body shown below. Note that the subject refers to a report for June while the body of the email and the attached ZIP archive use October, so I assume that this is a small mistake.

Co-op 401k Plan Participants –

Attached you will find the October 2014 401k fund performance results as well as an informational piece regarding online calculators available on the website.

If you are a facility manager, please forward, print or post a copy of these pages on your bulletin board or in a conspicuous place where your employees can see them.

Please contact me if you have any questions.

Cora Mccracken

Employee Benefits/Plan Administrator

615.793.3210

The attached ZIP file is named October-2014-401k-Fund.zip and contains the 23 kB file October-2014-401k-Fund.scr.

The trojan is known as Win32.Malware!Drop, W32/Trojan3.LNK, Trojan.Upatre.100, W32/Trojan.DXKV-8011 or Win32/TrojanDownloader.Waski.A.

At the time of writing, 12 of the 54 AV engines detected the trojan at Virus Total.

Use the Virus Total permalink for more detailed information.
SHA256: 782d490bedb9e65bb1640a4d08e0e3debe2c11b270415aeb8bbfb83377469a3b
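
A mail-gateway style check for this kind of attachment, as an added example that is not part of the original post: it lists the members of a ZIP attachment, flags those with an executable extension such as .scr, and compares their SHA256 with the hash published above. The extension list, the size cap and the sample archive (placeholder bytes under the file name from the post) are assumptions made for the illustration.

```python
import hashlib
import io
import os
import zipfile

# Extensions Windows runs directly; a .scr screensaver is an ordinary PE executable.
EXECUTABLE_EXTS = {".scr", ".exe", ".pif", ".com", ".bat", ".cmd", ".js", ".vbs"}
# SHA256 of the sample as published in this post.
KNOWN_BAD_SHA256 = {"782d490bedb9e65bb1640a4d08e0e3debe2c11b270415aeb8bbfb83377469a3b"}
MAX_HASH_BYTES = 10 * 1024 * 1024  # assumed cap; larger members are flagged, not hashed


def inspect_zip_attachment(data: bytes) -> list:
    """Return one finding per archive member whose name has an executable extension."""
    try:
        archive = zipfile.ZipFile(io.BytesIO(data))
    except zipfile.BadZipFile:
        return [{"name": None, "reason": "not-a-valid-zip"}]
    findings = []
    with archive:
        for info in archive.infolist():
            ext = os.path.splitext(info.filename)[1].lower()
            if ext not in EXECUTABLE_EXTS:
                continue
            finding = {"name": info.filename, "size": info.file_size,
                       "reason": "executable-extension", "known_bad": False}
            if info.flag_bits & 0x1:
                finding["reason"] = "encrypted-executable"  # cannot hash without password
            elif info.file_size <= MAX_HASH_BYTES:
                with archive.open(info) as member:
                    finding["sha256"] = hashlib.sha256(member.read()).hexdigest()
                finding["known_bad"] = finding["sha256"] in KNOWN_BAD_SHA256
            findings.append(finding)
    return findings


def build_sample_zip() -> bytes:
    """Constructed sample: file name from the post, harmless placeholder bytes."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("October-2014-401k-Fund.scr", b"placeholder bytes, not the trojan")
        zf.writestr("notes.txt", b"benign text member")
    return buf.getvalue()


if __name__ == "__main__":
    for finding in inspect_zip_attachment(build_sample_zip()):
        print(finding)
```

The extension match is what catches the attachment here; the hash comparison only confirms an exact copy of the published sample.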
