« Get Your McTrojan | Main | Overdue Notices, Part 1.1 »

June 27, 2011

Here's another malware delivery email...this one in the form of an anonymous (some "Notification robot") advisory that your credit card is overdue. Do they mean "credit card payment" or what? These guys really don't know how to make a threatening collection.

The namelessness of the supposed credit card company is quite a joke. Even when a credit card company wants to hound you for a late payment, it's quite sure to spread its brand name all over the place. Moreover, unless you've specifically set up such a notification with your credit card company, it won't notify you to avoid a late charge: They'd much rather you skip the payment so they can beat you over the head with next month's statement of fees and additional accrued interest.

The full text of the email follows:

From: Notification robot
Subject: Credit Card Overdue

Credit Card Overdue

Dear Client,

Your Credit Card is one-week overdue. Below is your Card Information

Customer Number : 3280722295

Card Limit ($): 3500

Pay Date: 27 JUN 2011

Attached is Your Credit Card Statement, if You pay the debt within 2 days, there will be no extra-charges. In 2 days $25 late fee and a finance charge will be imposed on your account.

If You have any questions, do not hesitate to contact us.

Trust me: The attachment is not a credit card statement. Nor is this any kind of phishing or extortion plot. The file, named Customer details.zip, contains a Trojan loader (Customer details.exe). If you unzip the file (and run the .exe), you have essentially unzipped your PC's pants. Its private parts won't be private anymore.