Bogus US SEC notification leads to malware
Notifications purportedly sent by the US Securities and Exchange Commission have been hitting inboxes and trying to trick users into following a malicious link, warns GFI.
The message reads:
From: “Homer Hutchinson”
Subject: Notification of securities investigation against your company.
Message body:
Dear customer, Securities and Exchange Commission Whistleblower office has received complaint about possible infringement at your company, including Unregistered securities offering, involving such financial products as swaps.Failure to provide a reply to this complaint within 28 day period will result in Securities and Exchange Commission investigation against your company. You can have access to the complaint details in U.S. Securities and Exchange Commission Tips, Complaints, and Referrals portal under the following link:
Complaint details (link)
(SEC physical address)
Those unfortunate enough to open it will be redirected through a number of sites and will finally end at one that hosts the Blackhole exploit kit, which is able to take advantage of a number of Adobe Reader, Acrobat and Flash vulnerabilities, as well as some on Java and Windows Media Player.
If the kit manages to exploit one of those, the user is finally taken to a website where he can download the about.exe file.
Sadly, this is not a document containing details of the complaint, but a variant of the Zeus/Zbot information-stealing Trojan that is currently detected only by a dozen of the AV solutions employed by VirusTotal.