Cybercriminals impersonate T-Mobile U.K., serve malware


By Dancho Danchev

Cybercriminals are currently impersonating T-Mobile U.K. in an attempt to trick its customers into downloading a bogus billing information report. Upon execution, the malware opens a backdoor on the affected host, giving the cybercriminals behind the campaign complete access to the infected PC.

More details:

Sample screenshot of the spamvertised email:

Sample detection rate for the malicious executable: MD5: b0d4dad91f8e56caa184c8ba8850a6bd – detected by 35 out of 44 antivirus scanners as Worm:Win32/Gamarue

That’s the same MD5 that was served in the recently profiled “Bogus DHL ‘Express Delivery Notifications’ serve malware” malicious campaign, indicating (thankfully) low QA (Quality Assurance) on the part of the cybercriminals behind the campaign, who didn’t bother introducing a new malware variant.

Webroot SecureAnywhere users are proactively protected from this threat.

You can find more about Dancho Danchev at his LinkedIn Profile. You can also follow him on Twitter.
