Throughout September 2016 we have observed an actor sending malware to Canadian nationals by e-mail. Upon investigation we have determined the malware payload to be DELoader, which downloads a Zeus variant banking trojan upon execution.

E-mail Lures
The e-mails typically pretend to be from the Canada Revenue Agency (CRA), claiming that the individual has a tax payment outstanding.
The e-mails contain an MSG attachment with an embedded OLE object. This is not a technique we see very often and is challenging for security products to detect due to the complicated MSG format. When the user opens the MSG attachment...
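An added example, not code from the original post: a triage parser that reads the OLE compound-file directory of a .msg and reports attachments whose data is stored as an object storage (`__substg1.0_3701000D`) rather than a byte stream, which is how an embedded OLE object sits inside the MSG container. The function names, the constructed `build_sample` container and the embedded-msg/ole-object split (decided by whether the object storage holds `__properties_version1.0`) are assumptions made for illustration.

```python
import struct

MAGIC = bytes.fromhex("d0cf11e0a1b11ae1")   # OLE compound file signature
FREE, END = 0xFFFFFFFF, 0xFFFFFFFE

def read_dir(data):  # -> directory entries as (name, type, left, right, child)
    if data[:8] != MAGIC:
        raise ValueError("not an OLE compound file")
    ssz = 1 << struct.unpack_from("<H", data, 30)[0]         # sector size
    nfat, dir_start = struct.unpack_from("<II", data, 44)
    difat = struct.unpack_from("<109I", data, 76)[:nfat]     # header slots only
    fat = [x for s in difat
           for x in struct.unpack_from("<%dI" % (ssz // 4), data, (s + 1) * ssz)]
    entries, s, seen = [], dir_start, set()
    while s < len(fat) and s not in seen:                    # guard looped chains
        seen.add(s)
        for off in range((s + 1) * ssz, (s + 2) * ssz, 128):
            nlen, typ = struct.unpack_from("<HB", data, off + 64)
            name = data[off:off + max(min(nlen, 64) - 2, 0)].decode("utf-16-le", "replace")
            entries.append((name, typ) + struct.unpack_from("<3I", data, off + 68))
        s = fat[s]
    return entries

def children(entries, idx):  # indexes of the direct children of storage idx
    out, stack = [], [entries[idx][4]]
    while stack:
        i = stack.pop()
        if i < len(entries) and i not in out:
            out.append(i)
            stack += entries[i][2:4]                         # left and right siblings
    return out

def ole_attachments(data):  # -> (attachment, kind) for object-type attachments
    entries, hits = read_dir(data), []
    for i, (name, typ, *_) in enumerate(entries):
        if typ == 1 and name.startswith("__attach_version1.0_#"):
            for c in children(entries, i):
                if entries[c][:2] == ("__substg1.0_3701000D", 1):   # storage, not stream
                    inner = {entries[k][0] for k in children(entries, c)}
                    hits.append((name, "embedded-msg" if "__properties_version1.0" in inner
                                 else "ole-object"))                # heuristic split
    return hits

def build_sample(inner="\x01Ole"):  # constructed: root > attachment > object > inner
    hdr = MAGIC + struct.pack("<16x5H6x9I109I", 0x3E, 3, 0xFFFE, 9, 6,
                              0, 1, 1, 0, 0x1000, END, 0, END, 0, 0, *[FREE] * 108)
    fat = struct.pack("<128I", 0xFFFFFFFD, END, *[FREE] * 126)
    rows = [("Root Entry", 5, 1), ("__attach_version1.0_#00000000", 1, 2),
            ("__substg1.0_3701000D", 1, 3), (inner, 2, FREE)]
    return hdr + fat + b"".join(struct.pack("<64sHBB3I36xIQ", n.encode("utf-16-le"),
        2 * len(n) + 2, t, 1, FREE, FREE, c, END, 0) for n, t, c in rows)
```

A hit only says the attachment is an object storage; the streams inside that storage still have to be extracted and scanned on their own.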