Multiple messages are delivered to the same user
A recent version of the Dyre banking Trojan, delivered via phishing, has been seen to integrate communication through the I2P anonymization network.
Researchers have tried to interact with the I2P node found in the malware sample but no response was received.
Phishing message points to malware dropper
The “voice notification” theme is currently used in emails to trick unsuspecting users into downloading a malware dropper on the system, which later funnels in the Dyre banking Trojan.
Different subject lines are available for the message, which suggests that the cybercriminals automate the process of sending the emails and have integrated a mechanism to avoid detection.
The emails offer a link that claims to take the victim to the voice message, but instead a ZIP archive is downloaded, which carries the Upatre malware dropper. Once launched, the dropper adds Dyre, also known as Dyreza.
http://i1-news.softpedia-static.com/images/news2/Dyre-Trojan-Distributed-Via-Malicious-Voice-Message-Notification-467237-6.jpg
Full Article