The form can be used for multiple years, however it needs to re-signed annually by employee and supervisor. Please confirm all employees that may travel using their private car on state business (including training) has a current STD 261 on file. Not having a current copy of this form on file in Accounting may delay a travel reimbursement claim.
Again, our awareness training drills into our heads the point that you never open random email attachments or follow random links. The attachment for this email was rather simple: Form.idgenterprise.com.zip
Like the previously covered phishing scam, this one also contained a Zeus Trojan variant. The uptick in detection was faster this time around, though, with 24 of 48 AV engines on VirusTotal detecting the malware for what it is as of early Wednesday morning.
This email likely originated from the same group of bots that sent the last one. As covered in the slideshow that examined the previous campaign's headers, this message also came from a Comcast user, but the headers show sources in Indiana and Florida. Other ISPs were included as well, scattered throughout the globe.
This scam spoofed the idgenterprise.com domain, but it also used aexp.com again in both the Return-Path and the Received header. As mentioned previously, aexp.com is American Express, and this domain has been spoofed by criminals many times in the last year, including in several noted phishing attacks. The domain itself is usually whitelisted by network defenses because of the use of corporate credit cards.
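One way a mail gateway could flag the pattern described above, as an added example that is not from the article or from any vendor: check whether the Return-Path domain aligns with the From domain, whether a whitelisted domain shows up only in the envelope, and whether a Received HELO name claiming that domain is contradicted by the relaying host's reverse DNS. The message, hostnames and IP are constructed samples, and the trusted-domain list is an assumption.

```python
import email
import re
from email.utils import parseaddr

# Constructed sample modelled on the campaign described above (not a real capture).
SAMPLE = """\
Return-Path: <billing@aexp.com>
Received: from mail.aexp.com (c-12-34-56-78.hsd1.in.comcast.net [192.0.2.10])
    by mx.example.org with ESMTP; Wed, 05 Mar 2014 08:12:33 -0500
From: Accounting <accounting@idgenterprise.com>
To: staff@example.org
Subject: STD 261 on file
Content-Type: text/plain

The form can be used for multiple years...
"""

# Assumption: domains the gateway would normally whitelist.
TRUSTED_DOMAINS = {"aexp.com"}

# "from <helo-name> (<reverse-dns> [<ip>])" as written by most MTAs.
RECEIVED_RE = re.compile(r"from\s+(\S+)\s+\((\S+)\s+\[([^\]]+)\]\)")

def domain_of(addr):
    """Return the lower-cased domain of a header address, or '' if none."""
    _, a = parseaddr(addr)
    return a.rsplit("@", 1)[-1].lower() if "@" in a else ""

def check_headers(raw, trusted=TRUSTED_DOMAINS):
    """Return (code, detail) findings for envelope/From/HELO inconsistencies."""
    msg = email.message_from_string(raw)
    from_dom = domain_of(msg.get("From", ""))
    rp_dom = domain_of(msg.get("Return-Path", ""))
    findings = []
    if rp_dom and from_dom != rp_dom:
        findings.append(("envelope-mismatch", f"Return-Path {rp_dom} != From {from_dom}"))
    if rp_dom in trusted and from_dom not in trusted:
        # A trusted domain used only in the envelope is a reason to distrust
        # the whitelist, not to honour it.
        findings.append(("trusted-envelope-only", rp_dom))
    for rcv in msg.get_all("Received", []):
        m = RECEIVED_RE.match(rcv)
        if not m:
            continue
        helo, rdns, ip = m.group(1).lower(), m.group(2).lower(), m.group(3)
        helo_dom = ".".join(helo.split(".")[-2:])
        if helo_dom in trusted and not rdns.endswith(helo_dom):
            findings.append(("helo-forgery", f"{helo} relayed by {rdns} [{ip}]"))
    return findings
```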
For additional technical details, including a list of domains and IPs to block, as well as files dropped, the Malwr report has them.