Bogus Invoice Purports to Come from a Gas Company, Contains DRIDEX Surprise

 Analysis by: Joachim Capiral

We spotted spam emails laden with DRIDEX malware that pretend to come from a British gas company. Unsuspecting users who open the email will see an attached Word document that contains a malicious macro, detected by Trend Micro as W2KM_DRIDEX.YYSQJ and W2KM_DRIDEX.SQA. DRIDEX is one of the more prevalent online banking malware families; it sports various information theft routines, including HTML injection, form-grabbing, and clickshot taking, among others.
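The infection vector described above is a Word attachment carrying a VBA macro, so a mail-gateway or incident-response triage step is to check each Office attachment for a macro container before anyone opens it. The following is an added example, not Trend Micro's code and not the W2KM_DRIDEX signatures themselves; the function names (`classify_word_attachment`, `build_sample_docx`, `triage_attachments`) are hypothetical, and the sample attachments are constructed in memory. The check is structural: an OOXML (.docx/.docm) file is a zip container, and a macro-enabled document carries a `word/vbaProject.bin` part and declares the macro-enabled content type in `[Content_Types].xml`. Legacy binary .doc files store VBA in OLE streams, which need an OLE parser to inspect, so those are flagged for review rather than parsed here.

```python
"""Triage Word attachments for embedded VBA macros (added example, hypothetical helpers)."""
import io
import zipfile

OLE_MAGIC = b"\xd0\xcf\x11\xe0\xa1\xb1\x1a\xe1"  # legacy .doc compound-file header
ZIP_MAGIC = b"PK\x03\x04"                         # OOXML (.docx/.docm) zip container
CONTENT_TYPES = "[Content_Types].xml"

DOCX_MAIN = "application/vnd.openxmlformats-officedocument.wordprocessingml.document.main+xml"
DOCM_MAIN = "application/vnd.ms-word.document.macroEnabled.main+xml"
VBA_PART = "application/vnd.ms-office.vbaProject"


def classify_word_attachment(data: bytes) -> str:
    """Classify an attachment by container type and whether it carries a VBA project."""
    if data.startswith(OLE_MAGIC):
        # Legacy binary .doc: macros live in OLE streams ("Macros/VBA/...").
        # Parsing those needs an OLE parser (e.g. olefile/oletools), so flag for review.
        return "ole-binary:inspect"
    if not data.startswith(ZIP_MAGIC):
        return "not-office"
    try:
        with zipfile.ZipFile(io.BytesIO(data)) as zf:
            names = set(zf.namelist())
            if CONTENT_TYPES not in names:
                return "zip:not-ooxml"
            ctypes = zf.read(CONTENT_TYPES).decode("utf-8", "replace")
    except zipfile.BadZipFile:
        return "zip:corrupt"
    # Two independent indicators: the VBA part itself, and the content-type declaration.
    has_vba_part = any(n.lower().endswith("vbaproject.bin") for n in names)
    declares_macro = "macroEnabled" in ctypes or VBA_PART in ctypes
    if has_vba_part or declares_macro:
        return "ooxml:macro"
    return "ooxml:clean"


def build_sample_docx(with_macro: bool) -> bytes:
    """Construct a minimal OOXML container (constructed test data, not a real document)."""
    main_type = DOCM_MAIN if with_macro else DOCX_MAIN
    overrides = [f'<Override PartName="/word/document.xml" ContentType="{main_type}"/>']
    if with_macro:
        overrides.append(f'<Override PartName="/word/vbaProject.bin" ContentType="{VBA_PART}"/>')
    ctypes_xml = (
        '<?xml version="1.0" encoding="UTF-8"?>'
        '<Types xmlns="http://schemas.openxmlformats.org/package/2006/content-types">'
        + "".join(overrides) + "</Types>"
    )
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        zf.writestr(CONTENT_TYPES, ctypes_xml)
        zf.writestr("word/document.xml", "<w:document/>")
        if with_macro:
            zf.writestr("word/vbaProject.bin", b"\x00constructed-vba-stub\x00")
    return buf.getvalue()


QUARANTINE_CLASSES = {"ooxml:macro", "ole-binary:inspect", "zip:corrupt"}


def triage_attachments(attachments: dict) -> dict:
    """Map each attachment name to a verdict; quarantine anything macro-bearing or unparseable."""
    verdicts = {}
    for name, data in attachments.items():
        cls = classify_word_attachment(data)
        verdicts[name] = {"class": cls, "quarantine": cls in QUARANTINE_CLASSES}
    return verdicts


if __name__ == "__main__":
    # Constructed sample mailbox: one macro-enabled "invoice", one clean doc, one legacy .doc.
    sample = {
        "invoice_12345.docm": build_sample_docx(with_macro=True),
        "terms.docx": build_sample_docx(with_macro=False),
        "old_invoice.doc": OLE_MAGIC + b"\x00" * 64,
    }
    for fname, verdict in triage_attachments(sample).items():
        print(f"{fname:20s} {verdict['class']:20s} quarantine={verdict['quarantine']}")
```

The structural check is a cheap first filter, not a replacement for signature or sandbox analysis: a macro-enabled document is not necessarily malicious, and a document with no `vbaProject.bin` can still reach code execution through other embedded objects, so the verdict here is "hold for inspection" rather than "safe".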

The spammed message tells users about an invoice and claims they need to verify their account number, tricking them into opening the attached file. As always, it is best practice to remain vigilant and to first verify the legitimacy of such email messages. Trend Micro protects user systems by detecting both the spam and the malware.

SPAM BLOCKING DATE / TIME: January 13, 2016 GMT-8
TMASE INFO
  • ENGINE: 8.0
  • PATTERN: 2064