Experts have also spotted malicious emails apparently coming from RBS

Oct 24, 2013 09:56 GMT

Experts warn of a new malware distribution campaign that leverages fake emails apparently coming from Government Gateway, a system which enables users to access national and local online services of the United Kingdom government.

The emails, entitled “Gateway Registration Notification” and apparently coming from [email protected], read something like this:

“Thank you for registering for the Government Gateway. The Government Gateway is the UK’s centralised registration service for e-Government services. To find out which Government Services are available on-line please see attached form.

You may enroll for the on-line Services at any time; however, some services need to be activated before you can use them. For these services you will receive a letter confirming your Activation code and instructions on how to activate the service, within seven days of enrolling.”

A zip archive named “Government Gateway Reg Form.zip” is attached to the fake emails. The archive contains a file called “Government Gateway Reg Form.exe”, which hides a piece of malware.
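A mail-gateway check for the pattern described above (a zip attachment that carries an executable named like a document), as an added example that is not part of the original article. The function names, the extension list and the sample message are constructed for illustration.

```python
import io
import zipfile
from email import message_from_bytes, policy
from email.message import EmailMessage

# Extensions Windows runs directly (illustrative list, not exhaustive).
EXECUTABLE_EXTS = (".exe", ".scr", ".pif", ".com", ".bat", ".cmd", ".js", ".vbs")


def executable_zip_members(raw_email: bytes) -> list[tuple[str, str]]:
    """Return (attachment name, member name) for each executable found in a zip attachment."""
    msg = message_from_bytes(raw_email, policy=policy.default)
    hits = []
    for part in msg.iter_attachments():
        payload = part.get_payload(decode=True) or b""
        # Decide by content: the sender controls the filename and MIME type.
        if not zipfile.is_zipfile(io.BytesIO(payload)):
            continue
        with zipfile.ZipFile(io.BytesIO(payload)) as archive:
            for member in archive.namelist():
                # Only the final extension matters ("form.pdf.exe" still executes).
                if member.lower().endswith(EXECUTABLE_EXTS):
                    hits.append((part.get_filename() or "<unnamed>", member))
    return hits


def build_sample_email(member_name: str, member_data: bytes) -> bytes:
    """Constructed sample message modelled on the lure described in the article."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as archive:
        archive.writestr(member_name, member_data)
    msg = EmailMessage()
    msg["From"] = "sender@example.test"  # placeholder address
    msg["To"] = "user@example.test"      # placeholder address
    msg["Subject"] = "Gateway Registration Notification"
    msg.set_content("Please see attached form.")
    msg.add_attachment(buf.getvalue(), maintype="application", subtype="zip",
                       filename="Government Gateway Reg Form.zip")
    return msg.as_bytes()


if __name__ == "__main__":
    # Placeholder bytes only; no real executable is embedded.
    sample = build_sample_email("Government Gateway Reg Form.exe", b"MZ placeholder")
    for attachment, member in executable_zip_members(sample):
        print(f"QUARANTINE: {attachment!r} contains executable {member!r}")
```
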

According to experts from MX Lab, the same cybercriminals appear to be behind a spam campaign that relies on fake Royal Bank of Scotland emails.

These emails are entitled “Important – attached form” and they read something like this:

“Check attached form. Douglas_Herron Portfolio Manager Commercial Banking Support Thames Gateway Commercial Office 2nd Floor, Riverbridge House, Anchor Boulevard, Crossways, Dartford, Kent DA2 6SL Depot Code 023”

The rest of the email consists of legal information copied from the official Royal Bank of Scotland website.

If you come across such emails, don’t open the attachments. If you’ve already done so, scan your computer regularly with an antivirus solution to make sure it hasn’t become infected with malware.

Additional technical details on these malware campaigns are available from Cisco and MX Lab.