Debunking email hoaxes and exposing Internet scams since 2003!











'You Have Received a Secure Message' Malware Emails

Outline
Email claims that you have received a secure message which can be read by opening an attached file.



Brief Analysis
The email is not from any legitimate organization and the attachment does not contain a message, secure or otherwise. In fact, the attached .zip file harbours a malicious .exe file that, if opened, can install malware on the compromised computer. If you receive one of these emails, do not open any attachments or click on any links that it may contain.

Last updated: December 13, 2012
First published: December 13, 2012
Article written by Brett M. Christensen


Example

Subject: You have received a secure message

You have received a secure message

Read your secure message by opening the attachment, SecureMessage.zip. You will be prompted to open (view) the file or save (download) it to your computer. For best results, save the file first, then open it.

If you have concerns about the validity of this message, please contact the sender directly. For questions please contact the [ bank name] Secure Email Help Desk a [.....].

First time users - will need to register after opening the attachment.

About Email Encryption - [Link to bank security notice]




Detailed Analysis
Malicious emails like the example shown above are currently being distributed by Internet criminals. The emails claim that users have received a secure message. They inform recipients that they can read the secure message by opening an attached .zip file. To further the illusion of legitimacy, links in some of the emails point to genuine security information on the targeted entity's real website. The emails also use spoofed addresses to make it appear that the messages really do originate from the targeted company.

The financial institution or company named in the scam emails varies considerably. Recent versions have purported to be from Bank of America and Australia's Commonwealth Bank. Another version falsely identifies networking company Cisco as the sender.

Those who fall for the ruse and unzip the attached file will then be presented with a .exe file named "SecureMessage.exe" or similar. If they proceed to open this .exe file, they will install a version of the W32.Changeup malware on their computers. This malware can make contact with a remote server and download and install further malware.

If you receive one of these malware emails, do not open any attachments that it may contain. Do not follow any links in the message.



