Websense ThreatSeeker Network intercepted a malware campaign targeting BlackBerry customers. I have read it is targeting BlackBerry business customers (I’m assuming BES customers?), and I have read that regular users have been receiving these emails too, so I’m not sure if there is a specific target here.
The fake email states that the user has successfully created a BlackBerry ID. The message then goes on to say “To enjoy the full benefits of your BlackBerry ID, please follow the instructions in the attached file.” That entices the user to open the attached file, which of course contains the malware.
The malicious email is a copy and paste of a legitimate email from RIM regarding your BlackBerry ID; the only difference is the attachment containing the malware. There is no malicious or compromised URL in it. 17/36 AV engines on VirusTotal identify the malware.
According to ThreatScope analysis, which is a part of the Websense CSI service, running the attachment drops other executable files and modifies the system registry to automatically start these malware programs when the system starts.