Fake Letter Response Email Comes With DRIDEX

 Analysis by: Catherine Loveria

Subject: Fake Letter-Response email with DRIDEX attachment

DRIDEX is a notorious online banking malware that performs a plethora of information theft routines such as form-grabbing, HTML injections, and clickshot taking among others. We recently spotted a spam run that comes with DRIDEX malware. It bore the subject, Emailing: 120205 Letter-response A3 2-2 and pretended to come from Plan4Print UK. It has a .DOC file attachment that when users opened, a macro embedded in the document triggers the download of the malware detected as W2KM_DRIDEX.AY.

Trend Micro protects users by detecting the malicious file as well as the spammed email. Users are advised to be wary in opening emails even if these came from seemingly legitimate sources. Verify first the legitimacy of the email before opening and executing the attachment.

 SPAM BLOCKING DATE / TIME: January 20, 2016 GMT-8
 TMASE INFO
  • ENGINE:8.0
  • PATTERN:2078