US Treasury Spam Campaign Leads to KOVTER Malware

 Analysis by: Mary Isabel Segismundo

Spammers are leveraging the US Department of Treasury for its social engineering tactics. The email sample appears to be a notification from the Federal Reserve Bank regarding restrictions on wire transfers. While there’s not anything new in this technique, we observed that the filename of the attachment is customized using the email address of the user. In addition, the spammers also employed emails like to trick users into thinking that this is a legitimate email. The said attachment is a malicious file which Trend Micro detects as X2KM_DLOADR.QIW and X2KM_BARTALEX.XYVZ respectively. The final payload is detected as TROJ_KOVTER.EB.

Users are advised to remain vigilant when opening emails and downloading attachments from unknown senders. It’s also best to use a security technology that can detect spam emails as well as malicious files.

 SPAM BLOCKING DATE / TIME: November 25, 2015 GMT-8
  • ENGINE:8.0
  • PATTERN:1966