MX Lab, http://www.mxlab.eu, started to intercept a new malware distribution campaign by email with the subject “Temporarily blocked”.
This email is send from the spoofed addresses and has the following body:
this is to inform you that your Debit Card is temporarily blocked as there were unknown transactions made today.
We attached the scan of transactions. Please confirm whether you made these transactions.
Technical Manager – Online Banking
The attached file debit_card_1c869a00.zip contains the folder debit_card_1c869a00 with the files f and debit card details 2E6E68.wsf.
The malware is detected by 9/55 AV engines at Virus Total.