ABSA Global business customers certificate update
[Previous Example] [Share This Page] [Back To The Main SHPAMEE Index] [Next Example]
VERY IMPORTANT INFORMATION, READ THIS FIRST: The example and associated information published on this page are subject to the SHPAMEE Terms Of Use. Please familiarise yourself with these terms before viewing or using any information on this page.
Header:
From - Sun Apr 6 21:07:46 2014
X-Account-Key: account2
X-UIDL: x
X-Mozilla-Status: 0001
X-Mozilla-Status2: 00000000
X-Mozilla-Keys:
X-Apparently-To: x
X-YahooFilteredBulk: 62.46.144.64
Received-SPF: none (domain of yahoo.com does not designate permitted sender hosts)
X-YMailISG: x
X-Originating-IP: [62.46.144.64]
Authentication-Results: mta1102.mail.ir2.yahoo.com from=yahoo.com; domainkeys=neutral (no sig); from=yahoo.com;
dkim=neutral (no sig)
Received: from 127.0.0.1 (EHLO highway.telekom.at) (62.46.144.64)
by mta1102.mail.ir2.yahoo.com with SMTP; Mon, 17 Mar 2014 07:46:21 +0000
Received: from tbuhautidtbtjauhivhtegvth (192.168.1.78) by tbuhautidtbtjauhivhtegvth. (62.46.144.64) with Microsoft SMTP
Server id 8.0.685.24; Mon, 17 Mar 2014 08:46:14 +0100
Message-ID: <x@yahoo.com>
Date: Mon, 17 Mar 2014 08:46:14 +0100
From: humiliatesg6@yahoo.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.2.12) Gecko/20101103 Thunderbird/3.1.6
MIME-Version: 1.0
To: <x>,
<x>,
<x>,
<x>,
<x>
Cc: x
Subject: ABSA Global business customers certificate update
Content-Type: multipart/alternative;
boundary="------------08010100302010802080205"
X-Account-Key: account2
X-UIDL: x
X-Mozilla-Status: 0001
X-Mozilla-Status2: 00000000
X-Mozilla-Keys:
X-Apparently-To: x
X-YahooFilteredBulk: 62.46.144.64
Received-SPF: none (domain of yahoo.com does not designate permitted sender hosts)
X-YMailISG: x
X-Originating-IP: [62.46.144.64]
Authentication-Results: mta1102.mail.ir2.yahoo.com from=yahoo.com; domainkeys=neutral (no sig); from=yahoo.com;
dkim=neutral (no sig)
Received: from 127.0.0.1 (EHLO highway.telekom.at) (62.46.144.64)
by mta1102.mail.ir2.yahoo.com with SMTP; Mon, 17 Mar 2014 07:46:21 +0000
Received: from tbuhautidtbtjauhivhtegvth (192.168.1.78) by tbuhautidtbtjauhivhtegvth. (62.46.144.64) with Microsoft SMTP
Server id 8.0.685.24; Mon, 17 Mar 2014 08:46:14 +0100
Message-ID: <x@yahoo.com>
Date: Mon, 17 Mar 2014 08:46:14 +0100
From: humiliatesg6@yahoo.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.2.12) Gecko/20101103 Thunderbird/3.1.6
MIME-Version: 1.0
To: <x>,
<x>,
<x>,
<x>,
<x>
Cc: x
Subject: ABSA Global business customers certificate update
Content-Type: multipart/alternative;
boundary="------------08010100302010802080205"
Body:
Attention!
On March 14, 2014 server upgrade will take place. Due to this the system may be offline for approximately half an hour.
The changes will concern security, reliability and performance of mail service and the system as a whole.
For compatibility of your browsers and mail clients with upgraded server software you should run SSl certificates update procedure.
This procedure is quite simple. All you have to do is just to install new server certificate attached to the letter.
Thank you in advance for your attention to this matter and sorry for possible inconveniences.
System Administrator ABSA Global
On March 14, 2014 server upgrade will take place. Due to this the system may be offline for approximately half an hour.
The changes will concern security, reliability and performance of mail service and the system as a whole.
For compatibility of your browsers and mail clients with upgraded server software you should run SSl certificates update procedure.
This procedure is quite simple. All you have to do is just to install new server certificate attached to the letter.
Thank you in advance for your attention to this matter and sorry for possible inconveniences.
System Administrator ABSA Global
Comments:
Related Cyber Criminal Profiles:
No related profiles found.Similar Spam Examples:
ABSA Excess Charges Refund Banking Phishing ScamBanking Phishing Scam - Your Pending EFT Payment!!!
ABSA Bank Phishing Scam - Authorized EFT Payment Received
SARS Efiling / ABSA Payment Notification Phishing Scam
ABSA Banking Phishing Scam - 2012 - SARS PAYMENTS
Related Malware Samples:
ABSA certificate update.exe - Trojan.horse.Zbot.GIL[Previous Example] [Share This Page] [Back To The Main SHPAMEE Index] [Next Example]
The biggest giveaway that this e-mail is not from ABSA.
Right and this helps us how? Did you notice that you sent this e-mail on the 17th of March 2014. Folks, do you see how easy it is to spot the scam by just keeping your eyes peeled and paying attention to the basic common knowledge stuff. You don't need a masters degree in hacking to see that this is a scam.
This sentence just doesn't sound right, doesn't sound like anything that would come from a bank. Browsers and mail clients does not need some SSL update procedure, if they need an update the developer of the browser or mail client will issue the update, not your bank.
All you have to do is delete this e-mail immediately. No bank will send you some executable file via an e-mail to install some kind of update or server certificate.
File attached to e-mail: ABSA certificate update.zip
Zip file contains executable: ABSA certificate update.exe
Exe file infected with: Trojan Horse ZBot
The ZBot (or Zeus) Trojan is well known for collecting sensitive information from its victims, specifically banking information.