Cybercriminals attempt to distribute Trojan by abusing name of financial services firm

Jun 4, 2013 19:01 GMT  ·  By

In late March, Cisco reported identifying significant activity related to spam email messages purporting to contain a “secured message.”

According to Conrad Longmore of Dynamoo’s Blog, the spam emails are still doing the rounds.

The latest version of the malicious emails bears the “Fiserv Secure Email Notification” subject line and purports to come from Fiserv, a provider of information management and electronic commerce systems for the financial services industry.

The emails in question look something like this:

“You have received a secure message

Read your secure message by opening the attachment, SecureMessage_IZCO4O4VUHV83W1.zip.

The attached file contains the encrypted message that you have received.

To decrypt the message use the following password - Iu1JsoKaQ

To read the encrypted message, complete the following steps:

- Double-click the encrypted message file attachment to download the file to your computer.
- Select whether to open the file or save it to your hard drive. Opening the file displays the attachment in a new browser window.
- The message is password-protected; enter your password to open it.

To access from a mobile device, forward this message to [email protected] to receive a mobile login URL.”

The emails have nothing to do with the company, but cybercriminals are abusing its name and reputation in hope that they can trick a large number of users into opening the malicious files attached to the emails.

To make sure the bogus notifications stand a better chance of evading antivirus solutions, the cybercriminals have placed a password on the archive file. When users extract the so-called document and open it, they’re actually executing a piece of malware identified by Kaspersky as Trojan-PSW.Win32.Tepfer.lnga.

Currently, only 15 other antiviruses are capable of detecting the Trojan. Here’s an analysis of the malicious file from ThreatTrack Security.
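The password-protected archive trick described above can be caught at the mail gateway without ever decrypting the archive: a ZIP attachment whose password is handed over in the same message body is the lure itself. The Python below is an added example, not code from the article or from any vendor named in it; it parses a constructed lookalike of the lure (the sender address and the archive contents are made-up placeholders) and flags that combination.

```python
import email, email.policy, io, re, zipfile
from email.message import EmailMessage

PASSWORD_RE = re.compile(r"password\s*[-:]\s*(\S+)", re.IGNORECASE)
EXEC_SUFFIXES = (".exe", ".scr", ".com", ".pif", ".lnk", ".js", ".vbs", ".bat", ".cmd")

def triage_message(raw: bytes) -> dict:
    """Flag the 'encrypted ZIP attachment + password in the body' lure at the mail gateway."""
    msg = email.message_from_bytes(raw, policy=email.policy.default)
    body, zips = "", []
    for part in msg.walk():
        name = part.get_filename()
        if name and name.lower().endswith(".zip"):
            zips.append(part.get_payload(decode=True))
        elif part.get_content_type() == "text/plain":
            body += part.get_content()
    signals = {"zip_attachment": bool(zips), "password_in_body": bool(PASSWORD_RE.search(body)),
               "encrypted_entries": False, "executable_entries": []}
    for data in zips:
        try:
            with zipfile.ZipFile(io.BytesIO(data)) as zf:
                for info in zf.infolist():
                    # Bit 0 of the general-purpose flag marks an entry a scanner cannot open without the key.
                    if info.flag_bits & 0x1:
                        signals["encrypted_entries"] = True
                    if info.filename.lower().endswith(EXEC_SUFFIXES):
                        signals["executable_entries"].append(info.filename)
        except zipfile.BadZipFile:
            signals["encrypted_entries"] = True  # an unparseable archive is just as opaque to AV
    # A password delivered alongside the archive it unlocks is the evasion, not a security feature.
    suspicious = signals["password_in_body"] or signals["encrypted_entries"] or signals["executable_entries"]
    signals["verdict"] = "quarantine" if signals["zip_attachment"] and suspicious else "allow"
    return signals

def build_sample(with_zip: bool = True) -> bytes:
    """Constructed lookalike of the lure (not a real sample) for exercising triage_message()."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:  # the stdlib cannot write encrypted ZIPs, so this one is plain
        zf.writestr("SecureMessage.pdf.exe", b"MZ placeholder, not a real binary")
    msg = EmailMessage()
    msg["Subject"] = "Fiserv Secure Email Notification"
    msg["From"] = "notification@example.invalid"  # placeholder sender, not from the article
    msg.set_content("Read your secure message by opening the attachment.\n"
                    "To decrypt the message use the following password - Iu1JsoKaQ\n")
    if with_zip:
        msg.add_attachment(buf.getvalue(), maintype="application", subtype="zip",
                           filename="SecureMessage_IZCO4O4VUHV83W1.zip")
    return bytes(msg)
```

On a real sample the encrypted-entry flag fires as well, so the verdict does not depend on being able to read the executable name out of the archive.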