This past week, we have observed a wave of spam e-mails being sent to random addresses and containing a short link to a compromised webserver, on which a malicious file is hosted.
In case the victim is fooled to click on the link, it will serve up a zip-file, e.g. “Documents.zip”, “Document-[random numbers].zip”, “eFax -[random numbers].zip” or “CompaniesHouse-[random numbers]", which when unzipped and run will infect the system with the downloader known as Upatre. As next, it will fetch and execute Dyreza, a recently discovered trojan banker malware, which is downloaded from a list of URLs specified in the downloader.
more here................https://www.csis.dk/en/csis/blog/4318/
In case the victim is fooled to click on the link, it will serve up a zip-file, e.g. “Documents.zip”, “Document-[random numbers].zip”, “eFax -[random numbers].zip” or “CompaniesHouse-[random numbers]", which when unzipped and run will infect the system with the downloader known as Upatre. As next, it will fetch and execute Dyreza, a recently discovered trojan banker malware, which is downloaded from a list of URLs specified in the downloader.
more here................https://www.csis.dk/en/csis/blog/4318/