Malicious spam campaign uses overdue credit card account as leverage

Coming at a time when a growing number of people are taking holidays, this may catch people unawares, Infosecurity notes, when they are using a laptop on the road.

According to Rodel Mendrez, a threat analyst with M86 Security's New Zealand operation, the spam campaign seems to be tied in with a Cutwail spambot variant.

"The theme has no specific credit card brand, possibly because the spammer thought a generic template may entice more victims", he says in his latest security posting, adding that the spammed message claims the credit card holder has an overdue credit card that needs to be settled within two days or else a late fee and interest will be imposed.

"The malicious application is attached in a zip file disguised as a credit card statement. Extracting the Zip file reveals a trojan downloader executable file that uses an Adobe PDF icon. When the executable is run it downloads a fake anti-virus executable from the following url:

http://mysteryforyou1[dot]ru/pusk.exe

"The fake AV pops up a fake warning", he says in his latest security blog.

Mendrez notes that spammers are constantly inventing new social engineering themes in an effort to distribute their malware.

Targeting credit card holders, especially in this tough economy, he explained, is just another theme in their portfolio.

"The spammers can change their themes over time, and often just recycle old ones. There is enough in this message to cause most people to be suspicious, especially the fact that your credit card company is unlikely to be emailing you in the first place. So, as usual, be wary", he says.

 
