BCA Banking 24.09.14- fake PDF malware — 4 Comments

  1. Thanks for the post, I was wondering if we were the targets of a mail-based DOS attack but it seems not, now I know it is not only us. Whoever is sending these is a clueless idiot as they are sending thousands of exactly the same email with exactly the same address for hours on end to a randomly generated address at the same domain. E.g., We are seeing 5 being sent every minute and this goes on for days. If recipients don’t have catchall mailboxes they won’t get any of this rubbish in their inbox. Even if they do they will soon work out that exactly the same email being received 5 times a minute for hours is bogus and block the sending address, which is the same too. It has characteristics more akin to a DOS mail than a spam run, which is why I checked. If whoever is behind this is intending to spam they are complete idiots.

    • I am getting hundreds of these, every hour and have had about 3,000 so far today.
      They look like they are picking on a domain at random and using a dictionary attack to send to all combinations. On some email accounts, I get a multitude of proper names that just might have an associated email address with them somewhere, but on others, they are totally random, just like yours. As you say, they are idiotic, and it is probably due to a misconfigured bot or a clueless newbie botherder.

  2. Had one of these on wife's computer this morning and told her in no uncertain terms [she was suspicious and asked me about it before doing anything] – do NOT attempt to open any ZIP or PDF file that has the word ‘ACCOUNT’ in it. No accounts are sent to us unless 1. we are told this account will be forthcoming 2. they are NEVER archived but in plain message text 3. if you do not recognise the account sender – park the file and google ‘name’ virus – and – ‘name’ malware. If it shows up – delete. If you're still not certain – peek inside the file with WinZip and read the file names – the rest is obvious.

  3. Thanks for this

    The funny thing is I actually do work for Halls Estate Agents. I’m assuming they have been infected and that is why it’s being sent from them.

