Cybercriminals are impersonating the Federal Reserve to distribute malware

Feb 6, 2014 09:21 GMT

Internet users could end up with a piece of malware on their computers if they open fake “Payment Fund” emails sent out by cybercriminals. 

The malicious notifications purport to come from the Federal Reserve Financial Services and they read something like this:

“ALERT! A bank Wire transaction, Has just been rejected from checking 656778*** account. to your bank confirmed by the FedWire. Transaction ID: 99076900 Date: 2/3/2014 Transfer Origination: Fedline

Please review the attached copy of transaction report.”

Dynamoo’s Blog reports that the file attached to these emails, Wire.Transfer.rar, actually hides a malicious executable. It’s worth noting that the executable file doesn’t have the .exe extension, so unless the victim renames the file and manually adds the extension, the infection doesn’t work.
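Because the payload described above has no .exe extension, a filter that looks only at file names would not recognise it as a program; checking the file's header does. The following is an added example, not code from Dynamoo’s Blog or from this article: the member name `Wire.Transfer`, the finding labels and the sample bytes are constructed for illustration.

```python
import os
import struct

# Leading signatures of RAR 4.x and RAR 5.x archives.
RAR_MAGICS = (b"Rar!\x1a\x07\x00", b"Rar!\x1a\x07\x01\x00")
# Extensions under which Windows would run a PE file directly (illustrative set).
EXEC_EXTS = {".exe", ".scr", ".com", ".dll"}


def is_pe(data: bytes) -> bool:
    """True if data has a DOS 'MZ' header whose e_lfanew points at 'PE\\0\\0'."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        return False
    (e_lfanew,) = struct.unpack_from("<I", data, 0x3C)
    return data[e_lfanew:e_lfanew + 4] == b"PE\x00\x00"


def triage(name: str, data: bytes) -> list:
    """Classify a file by content and flag name/content mismatches."""
    ext = os.path.splitext(name)[1].lower()
    findings = []
    if data.startswith(RAR_MAGICS):
        findings.append("rar-archive")
        if ext != ".rar":
            findings.append("archive-extension-mismatch")
    if is_pe(data):
        findings.append("pe-executable")
        if ext not in EXEC_EXTS:
            findings.append("pe-without-executable-extension")
    return findings


# Constructed sample inputs (not real malware): a minimal PE header stub,
# a RAR 4.x signature followed by padding, and text that merely starts with "MZ".
SAMPLE_PE = b"MZ" + b"\x00" * 58 + struct.pack("<I", 0x40) + b"PE\x00\x00" + b"\x00" * 20
SAMPLE_RAR = RAR_MAGICS[0] + b"\x00" * 32
SAMPLE_TEXT = b"MZ" + b"A" * 100

if __name__ == "__main__":
    for fname, blob in [("Wire.Transfer.rar", SAMPLE_RAR),
                        ("Wire.Transfer", SAMPLE_PE),
                        ("notes.txt", SAMPLE_TEXT)]:
        print(fname, triage(fname, blob))
```

Run on files extracted from an attachment, the `pe-without-executable-extension` finding marks a program stored under a non-program name, independent of whether any antivirus signature matches it.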

A VirusTotal report from a few hours ago shows that only 7 antivirus engines are capable of detecting the threat based on its signature.

It’s possible that variants of these emails that come with a working executable are also making the rounds, so beware. If you’re a victim of this attack, regularly scan your computer with an updated antivirus. The threat will likely be detected after a few virus definition updates.