Spam email still continues, this time we received a fake email claiming to be from #experian. In the email there is also an attachment with the name “Credit_Report_03142013.zip“, when extracted will produce a file named “Credit_Report_03142013.exe” with the icon as a PDF file. Number in the file name is random.
Following is the copy of the text:
Membership ID #340820489
A Key Change Has Been Posted to One of Your Credit Reports
A key change has been posted to one of your three national Credit Reports. Each day we monitor your Experian®, Equifax� and TransUnion� Credit Reports for key changes that may help you detect potential credit fraud or identity theft. Even if you know what caused your Report to change, you don’t know how it will affect your credit, so we urge you to do the following:
View detailed report by opening the attachment.
You will be prompted to open (view) the file or save (download) it to your computer.
For best results, save the file first, then open it in a Web browser.
Contact our Customer Care Center with any additional questions.
Note: The attached file contains personal data.
Your Experian.com membership gives you the confidence you need to look after your credit. We encourage you to log-in regularly to take full advantage of the benefits your membership has to offer, such as unlimited access to your Credit Report and Score Tracker. Notifications like this are an important part of your membership, and in helping you stay on top of your credit.
The VirusTotal scan results are not pretty good, only 9 of 45 antivirus engines are detect this malware. At the moment there is no exact detection name, only generic or detected by heuristic engine. But we have checked that it is a variant of trojan spy Zeus or also known as Zbot.
If you receive similar spam or phishing emails, don’t hesitate to share with us in comments.
