Botnet SPAM campaign against the Commonwealth Bank of Australia NetBank and the HSBC

As of July 15th we are seeing in our Malware Capture Facility at the CVUT University a SPAM campaign against the  NetBank (the Commonwealth Bank of Australia) and the HSBC. Our captre facility has been collecting botnet traffic for some time and is able to analyze the traffic patterns. These past days we have seen a quite large SPAM attack against both banks.

The SPAM attack against the NetBank has the subject "You have received a secure message" and appears to come from the mail address "NetBankNotification@cba.com.au".  The message is sending the following text to the users:

You have received a secure messageRead your secure message by opening the attachment, SecureMessage.zip.  You will be prompted to open (view) the file or save (download) it to  your computer. For best results, save the file first, then open it. If you have concerns about the validity of this message, please  contact the sender directly. For questions please contact the Commonwealth Bank of Australia NetBank. First time users - will need to register after opening the attachment. About Email Encryption - http://www.commbank.com.au/about-us.html

Finally, this mail has an attachment file called "SecureMessage.zip". 

The attack was first seen in our monitor system on Ju ly 11th 2013.



On the same campaign we saw a SPAM attack against the HSBC bank. 

The message appears to come from the mail address "payment.advice@hsbc.com.hk" and has the subject "Payment Advice - Advice Ref:[B62720685918]". The text of the message is 

Sir/MadamUpon your request, attached please find payment e-Advice for your reference. Yours faithfully HSBC

*********************************************************

We maintain strict security standards and procedures to prevent unauthorised access to information about you. HSBC will never contact you by e-mail or otherwise to ask you to validate personal information such as your user ID, password, or account numbers. If you receive such a request, please call our Direct Financial Services hotline.Please do not reply to this e-mail. Should you wish to contact us, please send your e-mail to commercialbanking@hsbc.com.hk and we will respond to you.Note: it is important that you do not provide your account or credit card numbers, or convey any confidential information or banking instructions, in your reply mail.Copyright. The Hongkong and Shanghai Banking Corporation Limited 2005. All rights reserved.

*********************************************************

This mail is sending an attachment called "Payment_Advice.zip". 

Both attachments correspond to a second stage malware that infects the computer, download more binaries and remain in the computer waiting.

Be careful and do not open attachments like this.