MX Lab, http://www.mxlab.eu, started to intercept a new malware distribution campaign by email with subjects like:
bill for O2
get Your O2 bill is ready
receive Your O2 bill
Your O2 bill is ready
Your O2 bill hasa been ready
Your O2 bill is already ready
This campaign is a variant of the DHL Delivery campaign we spotted today.
This email is sent from the spoofed address “xxxxx ” and has the following body:
Your O2 bill
Thanks for going on with O2
Good daytime, LYNN MILLER
Now you have your bill for 07/04/17 been ready. This month you have £248.53 for payment. We will take it away from your account at the payment day, or a bit after.
To check your latest bill online anytime and anywhere:
Please note that this email has been sent to you from an unmonitored email account so we will not be able to respond to any replies to it. This email is sent from Telefónica UK Limited. Telefónica UK Limited is authorised and regulated by the Financial Conduct Authority Reference Number 718822. Registered office: 260 Bath Road, Slough, Berkshire, SL1 4DX. Registered number: 1743099.
The downloaded file comes as 2253.exe from the host hxxp://inlinemedia.co.uk/download2063/ and is a Windows executable.