Wednesday, 6 November 2013

"Voice Message from Unknown" spam

This fake voice mail spam comes with a malicious attachment:

Date:      Wed, 6 Nov 2013 22:22:28 +0800 [09:22:28 EST]
From:      Administrator [voice9@victimdomain]
Subject:      Voice Message from Unknown (886-966-4698)

- - -Original Message- - -

From: 886-966-4698

Sent: Wed, 6 Nov 2013 22:22:28 +0800

To: recipients@victimdomain

Subject:  Private Message 
The email appears to come from an email address on the victim's own domain and the body text contains a list of recipients within that same domain. Attached to the email is a file which in turn contains a malicious executable VoiceMail.exe with an icon to make it look like an audio file.
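
A triage check for the pattern described above, as an added example that is not code from the original post: it flags mail that claims a sender on the recipient's own domain but arrives from outside, and archive attachments that contain an executable. It assumes the attachment is a ZIP archive; the function names, the `.example` domain, the extension list and the sample message are constructed for illustration.

```python
import email
import io
import zipfile
from email import policy
from email.message import EmailMessage
from email.utils import parseaddr

EXEC_EXT = (".exe", ".scr", ".com", ".pif")  # assumed list of executable extensions

def domain(addr):
    """Lower-cased domain part of an address, or '' if there is none."""
    return addr.rpartition("@")[2].lower() if "@" in addr else ""

def triage(raw_bytes, local_domains, from_external=True):
    """Return the reasons an inbound message matches the pattern described above."""
    msg = email.message_from_bytes(raw_bytes, policy=policy.default)
    reasons = []
    sender = domain(parseaddr(str(msg.get("From", "")))[1])
    # Mail claiming a sender on our own domain should not arrive from outside.
    if from_external and sender in local_domains:
        reasons.append("own-domain sender on external mail")
    for part in msg.iter_attachments():
        data = part.get_payload(decode=True) or b""
        if not zipfile.is_zipfile(io.BytesIO(data)):
            continue
        # Look inside the archive: the icon is irrelevant, the extension is not.
        with zipfile.ZipFile(io.BytesIO(data)) as zf:
            for name in zf.namelist():
                if name.lower().endswith(EXEC_EXT):
                    reasons.append(f"executable in archive: {name}")
    return reasons

def build_sample():
    """Constructed sample message; the archive member is harmless placeholder bytes."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("VoiceMail.exe", b"placeholder, not an executable")
    m = EmailMessage()
    m["From"] = "Administrator <voice9@victimdomain.example>"
    m["To"] = "recipients@victimdomain.example"
    m["Subject"] = "Voice Message from Unknown"
    m.set_content("Private Message")
    m.add_attachment(buf.getvalue(), maintype="application",
                     subtype="zip", filename="message.zip")  # constructed name
    return m.as_bytes()

if __name__ == "__main__":
    for reason in triage(build_sample(), {"victimdomain.example"}):
        print(reason)
```
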

This malware file has a detection rate of 3/47 at VirusTotal. Automated analysis tools [1] [2] show an attempted connection to  on (Xeex, US) which is a web host that has been seen before in this type of attack.

Xeex seems to divide up its network into /28 blocks, which would mean that the likely compromised block would be which contains the following domains:

Those domains are consistent with the ones compromised here and it is likely that they have all also been compromised.

Recommended blocklist:

1 comment:

Idham Khaleed said...

Thanks for sharing the post. I have found the same SPAM e-mails are successfully bypassing our SPAM filter, and a lot of users received those spam e-mails. Should I apply the recommended block list? Can you please suggest more, with the impact if I block list following the recommendation?