ThreatTrack Security - Malicious Spam Alerts
NatWest Financial Activity Spam

Subjects Seen:

  1. NatWest Statement

Typical e-mail details:

Keep track of your account with your latest Online Financial Activity Statement from NatWest Bank. It’s available for you to view at this secure site. Just click to select how you would like to view your statement:

View/Download as a PDF

View all EStatements

So check out your statement right away, or at your earliest convenience.

Thank you for managing your account online.

Sincerely,

NatWest Bank

Malicious URLs:

  1. migrantessiena.it/ryvwggvnqq/iqxiwvlgbi.html
  2. merkad.dk/hobqblmdlw/iqgshqbvhy.html

Malicious File Name and MD5:

  1. Invoice102740_448129486142_pdf.zip (AB73E265DD38751BC7A93BB1553E7A17)
  2. Invoice102740_448129486142_pdf.exe (DF72B7AD1FDE2B257E422B8D1C072523)

Line Voice Message Spam

Subjects Seen:

  1. You have a voice message

Typical e-mail details:

LINE Notification

You have a voice message, listen it now.
Time: 21:12:45 14.10.2014, Duration: 45sec

Malicious URLs:

  1. iagentnetwork.com/sql.php?line=gA7EF9bA7ns68jJ0eBi8ww

Malicious File Name and MD5:

  1. LINE_Call_<phone number>.zip (7FC6D33F62942B55AD94F20BDC7A3797)
  2. LINE_Call_<phone number>.exe (C3E0F4356A77D18438A38110F8BD919E)

NatWest Secure Message Spam

Subjects Seen:

  1. You have received a new secure message from NatWest

Typical e-mail details:

You have a new private message from NatWest

To view/read this your secure message please click here

Email Encryption Provided by NatWest. Learn More.

Malicious URLs:

  1. high-hollin.org/cratbsxzdy/hkuzbvbfoo.html

Malicious File Name and MD5:

  1. SecureMessage.zip (68A161C7A92569090F5D0FB196B1DEF8)
  2. SecureMessage.scr (AE3D2F8620F01C7B51DCA829F8386DFA)

HM Courts & Tribunals Service Spam

Subjects Seen:

  1. Compensation Summons

Typical e-mail details:

To Whom It May Concern,


     Your Company (named Respondent)
Is found to be in default because of its failure to follow with the Administrative Law Judge’s Prehearing Order without good enough cause, and such default by Respondent constitutes an admission of all facts alleged in the Complaint and a waiver of Respondent’s freedom to contest such factual allegations. Respondent violated the section 9(6), paragraph B13(1) of the Jobseekers Act 1995.

We advise you to download a scanned document of original Complaint at Tribunal in attachment below.

Commitee Chair: E. Harmon
Member Representative of Employers: C. Gordon
Member Representative of Workers: W.C. Rocha

West London County Court
West London Courthouse
181 Talgarth Road
Hammersmith
London
W6 8DN

Malicious File Name and MD5:

  1. Copy4855.zip (854ADF297E8B1D79BA0E744F90AFDE50)
  2. Copy of original Complaint at Tribunal.docx.exe (6D9BDE90B81C064ACA5ED994BC8A981A)

RBC Royal Bank Spam

Subjects Seen:

  1. You have received a new secure message from RBC Royal Bank Customer Service

Typical e-mail details:

You have received a secure message

This is an automated message sent by Royal Bank Secure Messaging Server.
The link above will only be active until: 09/10/2014

Please click here or follow this link : royalbank.com/cgi-bin/rbaccess/rbcgi3m01

Help is available 24 hours a day by email at secure.emailhelp @rbcroyalbank.com

If you have concerns about the validity of this message, please contact the sender directly. For questions about Royal Bank’s e-mail encryption service, please contact technical support at 1-800-769-2511.

First time users - will need to register before reading the Secure Message.

Malicious URLs:

  1. halilbekrek.com/TUTOS/libs/excel/install6.exe
  2. 66.235.98.169/rbc.com/webapp/ukv0/signin/logon.php
  3. 66.235.98.169/rbc.com/webapp/ukv0/signin/report/09.08.14report.pdf
  4. 84.45.53.45/rbc.com/webapp/ukv0/signin/logon.php
  5. 84.45.53.45/rbc.com/webapp/ukv0/signin/message.html
  6. 84.45.53.45/rbc.com/webapp/ukv0/signin/report/09.08.14report.pdf
  7. erajans.com.tr/lnmdylzqap/npbtxtuolc.html

Malicious File Name and MD5:

  1. install6.exe (e3fbc7b3bf11f09c5ee33b1e1b45f81b)
  2. 09.08.14report.pdf (ecddafa699814679552d2bf95fc087e5)
  3. OfigGigg.dat (85d42ccc12301bbda27abf4c0b7eb7ff)

AT&T DocuSign Spam

Subjects Seen:

  1. Please DocuSign this document: Contract_changes_08_27_2014.pdf

Typical e-mail details:

Hello,

AT&T Contract Changes has sent you a new DocuSign document to view and sign. Please click on the ‘View Documents’ link below to begin signing.

Malicious URLs:

  1. 79.172.51.73/Docusign/wps/myportal/sitemap/Member/ATT/SignDocument/7c16d8c7-e5ad-4870-bb79-1c1e4c9b35d6&er=fb88d3b6-88f4-4903-ae77-41754063bd7c/Contract_changes_08_27_2014.zip

Malicious File Name and MD5:

  1. Contract_changes_08_27_2014.zip (5ED69A412ADB215A1DABB44E88C8C24D)
  2. Contract_changes_08_27_2014.exe (C65966CCA8183269FF1120B17401E693)

ADP Past Due Invoice Spam

Subjects Seen:

  1. ADP Past Due Invoice

Typical e-mail details:

Your ADP past due invoice is ready for your review at ADP Online Invoice Management .

If you have any questions regarding this invoice, please contact your ADP service team at the number provided on the invoice for assistance.

Please note that your bank account will be debited within one banking business day for the amount(s) shown on the invoice.

Review your ADP past due invoice here.

Important: Please do not respond to this message. It comes from an unattended mailbox.

Malicious URLs:

  1. 81.80.82.27/upload/portal.adp.com/wps/myportal/sitemap/PayTax/PayStatements/invoice_449017368.zip

Malicious File Name and MD5:

  1. invoice_449017368.zip (CF55AD09F9552A80CD1534BD392B44D1)
  2. invoice_449017368.exe (C65966CCA8183269FF1120B17401E693)

Royal Bank of Canada Payment Spam

Subjects Seen:

  1. The Bank INTERAC to Leo Dooley was accepted.

Typical e-mail details:

The INTERAC Bank payment $19063.01 (CAD) that you sent to Leo Dooley, was accepted.
The transfer is now complete.
Message recipient: The rating was not provided.

See details in the attached report.

Thank you for using the Service INTERAC Bank RBC Royal Bank.

Malicious File Name and MD5:

  1. INTERAC_PAYMENT_08262014.exe (B064F8DA86DB1C091E623781AB464D8A)
  2. INTERAC_PAYMENT_08262014.zip (71239A9D9D25105CEC3DF269F1FDCA2D)

Bank of America Merrill Lynch CashPro Spam

Subjects Seen:

  1. Bank of America Merrill Lynch: Completion of request for ACH CashPro

Typical e-mail details:

You have received a secure message from Bank of America Merrill Lynch

Read your secure message by opening the attachment, securedoc.html. You will be prompted to open (view) the file or save (download) it to your computer. For best results, save the file first, then open it in a Web browser.
If you have concerns about the validity of this message, contact the sender directly.
First time users - will need to register after opening the attachment.

Malicious URLs:

  1. 161.58.101.183/handler/jxpiinstall.exe

Malicious File Name and MD5:

  1. securedoc.html (D6E1DD6973F8FAA730941A19770C97F2)
  2. jxpiinstall.exe (C3110BFDD8536DC627336D7F7A6CC2E7)

Bank of America Activity Alert Spam

Subjects Seen:

  1. Bank of America Alert: A Check Exceeded Your Requested Alert Limit

Typical e-mail details:

Activity Alert
A check exceeded your requested alert limit
We’re letting you know a check written from your account went over the limit you set for this alert.
For more details please check attached file

Malicious File Name and MD5:

  1. report08252014_6897454147412.scr (7ED898AA2A8B247F7C7A46D71B125EA8)
  2. report08252014_6897454147412.zip (FF4C74D80D3C7125962D7316F570A7FF)