Download our in-depth report: The Ultimate Guide to IT Security Vendors
The email, with the subject line "NatWest Statement," states, "Keep track of your account with your latest Online Merchant Financial Activity Statement from NatWest Bank. It's available for you to view at this secure site."
The hyperlink in the e-mail goes to a bit.ly shortened URL, which downloads a malicious file named Statement-pdf.scr. According to VirusTotal, only 8 of 53 leading anti-virus solutions currently identify the file as malicious, and it's not clear exactly what the malware actually does.
"One thing about bit.ly links is that if you put a '+' at the end of the link you can see how many people clicked it," notes Dynamoo's Conrad Longmore. "In this case, 236 people have clicked so far, mostly in North America. I suspect that quite a few of those are malware researchers!"