Targeted e-mail attacks asking to verify wire transfer details

There is a new e-mail wave doing the rounds. It is a very targeted e-mail attack against different organizations, that contains an attached malware specimen in the form of a RTF file, called “details.rtf”. The mail asks the victim to verify a wire transfer, being the malicious attachment the alleged wire statement.

In some of the cases, the victims are indeed financial personnel within the target organization in charge of daily wire transfers. Time to spread an internal awareness campaign in your financial departments!

The current AV detection rate is low (according to VirusTotal) for the samples we have received:

  • 7/39 – SHA1 : 0f7288043f556542744fd2c87511ff002b5d5379
  • 4/39 – SHA1 : e248fd659415f15d1238063efd1f122f91ac071c

The spare phishing e-mail looks like this:

From: Kenneth Duford [mailto:ken.duford@]
Sent: Wednesday, June 0X, 2009 XX:XX PM
Subject: Re:Please verify wire details

The wire transfer has been released.

AMMOUNT : $17,653.15

Please check the wire statement attached and let me know if everything is correct.
I am waiting for your reply.

Kenneth Duford

--- On Sun, 02/06/09, wrote:

Subject: wire transfer
To: ken.duford@
Date: Mon, 1 June 2009, 10:47 AM

We still haven't received the wire transfer.
Thank you


~ by bestbooter on June 18, 2009.

Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Google+ photo

You are commenting using your Google+ account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )


Connecting to %s

%d bloggers like this: