Well... hi guys. Things have been a bit quieter without you. Anyway, this is the latest spam email purportedly from Dropbox, using the same template as this ThreeScripts spam run.
Date: Fri, 18 Oct 2013 16:00:54 -0500 [17:00:54 EDT]
From: Dropbox [email@example.com]
Subject: Please update your Expired Dropbox Password
Priority: High Priority 1
We have a warning in our system that you recently tried to login in to Dropbox with a password that you haven't changed long time already. Your old password has expired and you'll need to create a new one to log in.
Please visit the page to update your password
Set New Password
- The Dropbox Team
© 2013 Dropbox
this one, and the executable is unchanged but now has a better VirusTotal detection rate of 29/48. The domain dynamooblog.ru was registered yesterday to the infamous Russian "Private Person" and is hosted on a lot of IPs that have been serving up Zbot for some time.
I'll have a closer poke at this network in a moment, but in the meantime this is my recommended blocklist: