The URL in the email takes you to a page on the domain reprsinos.com.
The website tries to download a file "StandardCertificate2008.exe" to your computer.
Trend Micro OfficeScan detects the malware as "Cryp_MEW-11".
Clip of the Spoofed Email:
"Attention to all Standard Bank Customers! To address this, Standard Bank has released a 128-bit SSL update for the online banking page that eliminates this bug."
Some Standard Bank customers have reported experiencing disconnect or write error issues with online banking.
I would suggest that all admins block access to the domain reprsinos.com on their proxy servers immediately.
Screenshot of spoofed website
UPDATE:
Some more emails have made it through:
Example Subject lines:
- Standard Offshore Bank - Security - security of individual customer information.
- Standard Offshore Bank - Security - We use some information to help identify
- Standard Offshore Bank - Security - Our customer information
Example Email Body:
Attention to all Standard Bank Customers!
Some Standard Bank customers have reported experiencing disconnect or write error issues with online banking.
To address this, Standard Bank has released a 128-bit SSL update for the online banking page that eliminates this bug.
You can update your browser from our Customer Service Department>>>
More domains to block:
- bizcombf.com
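
Alongside the proxy block, it helps to know which clients already reached these domains. The following is an added example, not part of the original post: it scans proxy records for the two domains and the file name listed above, assuming Squid's native access.log layout; the sample records and all IP addresses in them are constructed.

```python
from urllib.parse import urlsplit

# Indicators taken from the post above.
BLOCKED_DOMAINS = {"reprsinos.com", "bizcombf.com"}
DROPPER_NAME = "standardcertificate2008.exe"

# Constructed sample records in Squid's native access.log layout (assumed);
# client and server addresses are invented for the example.
SAMPLE_LOG = """\
1220000001.100    210 10.0.0.15 TCP_MISS/200 48213 GET http://reprsinos.com/StandardCertificate2008.exe - DIRECT/203.0.113.10 application/octet-stream
1220000002.200     35 10.0.0.22 TCP_MISS/200 1024 GET http://www.example.org/index.html - DIRECT/198.51.100.7 text/html
1220000003.300     40 10.0.0.31 TCP_DENIED/403 0 CONNECT bizcombf.com:443 - NONE/- -
1220000004.400     50 10.0.0.40 TCP_MISS/200 900 GET http://notreprsinos.com/ - DIRECT/198.51.100.9 text/html
1220000005.500     60 10.0.0.15 TCP_MISS/200 700 GET http://WWW.Reprsinos.com./login.htm - DIRECT/203.0.113.10 text/html
"""

def split_target(method, target):
    """Return (host, path) from a logged URL or a CONNECT host:port."""
    parts = urlsplit("//" + target if method == "CONNECT" else target)
    return (parts.hostname or "").rstrip("."), parts.path.lower()

def is_blocked(host):
    """Match a listed domain or any subdomain of it, on a label boundary."""
    return any(host == d or host.endswith("." + d) for d in BLOCKED_DOMAINS)

def scan(log_text):
    """Return one dict per record that touches a blocked domain."""
    hits = []
    for line in log_text.splitlines():
        f = line.split()
        if len(f) < 7:
            continue  # skip incomplete records
        client, action, method, target = f[2], f[3], f[5], f[6]
        host, path = split_target(method, target)
        if is_blocked(host):
            hits.append({
                "client": client,
                "host": host,
                "denied": action.startswith("TCP_DENIED"),
                "dropper": path.endswith("/" + DROPPER_NAME),
            })
    return hits

def clients_to_triage(hits):
    """Clients whose request was not denied, i.e. reached the site."""
    return sorted({h["client"] for h in hits if not h["denied"]})

if __name__ == "__main__":
    for hit in scan(SAMPLE_LOG):
        print(hit)
    print("triage:", clients_to_triage(scan(SAMPLE_LOG)))
```

Matching on a label boundary keeps a look-alike such as `notreprsinos.com` out of the results while still catching subdomains and trailing-dot or mixed-case host names.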