Analysis by: Cedrick Ramos

Another fake online bill has been spotted and the sample we found is posing to be from a British telecommunications company. The spammed message deceives its recipients by making the email look credible and familiar enough through the company's similar template. The body of the mail even contains legitimate URLs to disguise the link leading to the malware. It, however, comes with banking Trojan DRIDEX. Should the user click on the malicious link that is supposed to be his/her bill, a JS file will then be downloaded. The file infects the user's machine once it's executed.

The links are already detected as 'Dangerous - Malware Accomplice', while the downloaded file is detected as JS_DLOADR.AUSUCX. Trend Micro users are protected from this particular email threat. We advise the users to be wary of their emails and to never open attachments or links in unsolicited emails.
 SPAM BLOCKING DATE / TIME: September 14, 2017 GMT-8
 TMASE INFO
  • ENGINE:8.0
  • PATTERN:3330