If you come across an email entitled “Remittance Docs” that claims to come from a Chase Private Banking Officer – named something like Brittany Kim or Jed Gregory – do not open the attachment.
That’s because the emails are part of a malicious scheme designed to deliver information-stealing malware to the computers of unsuspecting Internet users.
“Please find attached the remittance 6612542. If you are unable to open the attached file, please reply to this email with a contact telephone number. The Finance Dept will be in touch in due course,” the emails read.
At first sight, the file that’s attached to them (Docs_victimdomain.com.zip) might appear harmless, but in reality it’s an executable that unleashes ZeuS, a Trojan that’s capable of stealing sensitive information – including online banking details – from the infected computer.
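A mail-filter check for the two traits described above, as an added example that is not from the original article or the blogs it cites: an attachment named `Docs_<recipient domain>.zip` and a ZIP that wraps a Windows executable. The extension list, the function names and the sample message are assumptions constructed for illustration.

```python
import io
import re
import zipfile
from email import message_from_bytes, policy
from email.message import EmailMessage

EXEC_EXT = (".exe", ".scr", ".pif", ".com")  # assumed list, not from the article

def suspicious_attachments(raw: bytes) -> list[str]:
    """Return the lure traits (as described in the article) found in one raw message."""
    msg = message_from_bytes(raw, policy=policy.default)
    to = msg["To"]
    rcpt_domains = {a.domain.lower() for a in to.addresses} if to else set()
    reasons = []
    for part in msg.iter_attachments():
        name = (part.get_filename() or "").lower()
        m = re.fullmatch(r"docs_(.+)\.zip", name)
        if m and m.group(1) in rcpt_domains:
            reasons.append(f"{name}: named after the recipient's domain")
        data = part.get_payload(decode=True) or b""
        if not zipfile.is_zipfile(io.BytesIO(data)):
            continue
        with zipfile.ZipFile(io.BytesIO(data)) as zf:
            for info in zf.infolist():
                head = b""
                if not info.flag_bits & 0x1:  # encrypted members cannot be read
                    with zf.open(info) as fh:
                        head = fh.read(2)
                if head == b"MZ" or info.filename.lower().endswith(EXEC_EXT):
                    reasons.append(f"{name}: contains executable {info.filename}")
    return reasons

def build_sample(attach_name: str, member: str, body: bytes) -> bytes:
    """Constructed test message; addresses and contents are placeholders."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr(member, body)
    msg = EmailMessage()
    msg["From"] = "officer@bank.example"
    msg["To"] = "user@victimdomain.example"
    msg["Subject"] = "Remittance Docs"
    msg.set_content("Please find attached the remittance.")
    msg.add_attachment(buf.getvalue(), maintype="application",
                       subtype="zip", filename=attach_name)
    return msg.as_bytes()

if __name__ == "__main__":
    lure = build_sample("Docs_victimdomain.example.zip", "Docs.exe", b"MZ\x90\x00 constructed")
    for reason in suspicious_attachments(lure):
        print(reason)
```

The `MZ` header check catches an executable even when the archive member carries a harmless-looking extension, which a filename-only rule would miss.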
Technical details of this campaign are available on Dynamoo’s Blog and on MX Lab’s blog.