Fake Lloyds emails hide a variant of the ZeuS Trojan

Oct 25, 2013 14:30 GMT

Emails purporting to come from Lloyds TSB are being sent out by cybercriminals in an effort to trick unsuspecting users into installing a piece of malware on their computers.

The emails carry the subject line “You have received a new debit,” and they read something like this: “This is an automatically generated email by the Lloyds TSB PLC LloydsLink online payments Service. The details of the payment are attached.”

The attachment, named “Report_recipientname.zip”, contains an executable file (Report_10252013.exe) that is made to look like a PDF document.

In reality, it’s a version of the data-stealing ZeuS Trojan. Only around a dozen of the antivirus engines on VirusTotal detect the threat.

These types of emails were first spotted in late July 2013. Additional technical details on this spam campaign and the malware are available on Dynamoo’s Blog and on ThreatTrack Security’s Malicious Spam Alerts blog.