Debunking email hoaxes and exposing Internet scams since 2003!


Issue 145 - December 2012 (2nd Edition) - Page 2

'You Have Received a Secure Message' Malware Emails


Email claims that you have received a secure message which can be read by opening an attached file.

Brief Analysis
The email is not from any legitimate organization and the attachment does not contain a message, secure or otherwise. In fact, the attached .zip file harbours a malicious .exe file that, if opened, can install malware on the compromised computer. If you receive one of these emails, do not open any attachments or click on any links that it may contain.

Last updated: December 13, 2012
First published: December 13, 2012
Article written by Brett M. Christensen


Subject: You have received a secure message

You have received a secure message

Read your secure message by opening the attachment, You will be prompted to open (view) the file or save (download) it to your computer. For best results, save the file first, then open it.

If you have concerns about the validity of this message, please contact the sender directly. For questions please contact the [ bank name] Secure Email Help Desk a [.....].

First time users - will need to register after opening the attachment.

About Email Encryption - [Link to bank security notice]

Detailed Analysis
Malicious emails like the example shown above are currently being distributed by Internet criminals. The emails claim that users have received a secure message. They inform recipients that they can read the secure message by opening an attached .zip file. To further the illusion of legitimacy, links in some of the emails point to genuine security information on the targeted entity's real website. The emails also use spoofed addresses to make it appear that the messages really do originate from the targeted company.

The financial institution or company named in the scam emails varies considerably. Recent versions have purported to be from Bank of America and Australia's Commonwealth Bank. Another version falsely identifies networking company Cisco as the sender.

Those who fall for the ruse and unzip the attached file will then be presented with a .exe file named "SecureMessage.exe" or similar. If they proceed to open this .exe file, they will install a version of the W32.Changeup malware on their computers. This malware can make contact with a remote server and download and install further malware.

If you receive one of these malware emails, do not open any attachments that it may contain. Do not follow any links in the message.
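
For mail administrators, the pattern described above (a .zip attachment whose only purpose is to carry a .exe) can be checked at the gateway without unpacking or running anything. The following is an added example, not part of the original article; the extension list, the sample addresses and the function names are assumptions, and the sample message is constructed with a harmless placeholder in place of the program.

```python
import io
import zipfile
from email import message_from_bytes, policy
from email.message import EmailMessage

# Extensions treated as executable here (an assumption of this example).
EXECUTABLE_EXTS = (".exe", ".scr", ".com", ".pif")

def executables_in_zip_attachments(raw_email: bytes) -> list[tuple[str, str]]:
    """Return (attachment name, member name) for every executable listed
    inside a .zip attachment. Only the archive index is read; nothing is
    extracted to disk or executed."""
    msg = message_from_bytes(raw_email, policy=policy.default)
    hits = []
    for part in msg.iter_attachments():
        name = part.get_filename() or ""
        data = part.get_payload(decode=True) or b""
        # Check the content itself rather than trusting the file name.
        if not zipfile.is_zipfile(io.BytesIO(data)):
            continue
        with zipfile.ZipFile(io.BytesIO(data)) as zf:
            for member in zf.namelist():
                # Trailing dots and spaces are ignored by Windows, so strip them.
                if member.lower().rstrip(". ").endswith(EXECUTABLE_EXTS):
                    hits.append((name, member))
    return hits

def build_sample() -> bytes:
    """Constructed sample shaped like the email in this article."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("SecureMessage.exe", b"placeholder bytes, not a program")
    msg = EmailMessage()
    msg["Subject"] = "You have received a secure message"
    msg["From"] = "helpdesk@bank.example"
    msg["To"] = "user@example.org"
    msg.set_content("Read your secure message by opening the attachment.")
    msg.add_attachment(buf.getvalue(), maintype="application",
                       subtype="zip", filename="SecureMessage.zip")
    return msg.as_bytes()

if __name__ == "__main__":
    for attachment, member in executables_in_zip_attachments(build_sample()):
        print(f"QUARANTINE: {attachment} contains executable {member}")
```

Because only the archive's file listing is read, the check also works on password-protected .zip files, whose member names are stored unencrypted.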



Spam Contributing to Increase of W32.Changeup Infections
