Monday, 23 December 2013

QuickBooks spam / Invoice.zip

This fake QuickBooks spam has a malicious attachment:

Date:      Mon, 23 Dec 2013 07:54:35 -0800 [10:54:35 EST]
From:      QuickBooks Invoice [auto-invoice@quickbooks.com]
Subject:      Important - Payment Overdue

Please find attached your invoices for the past months. Remit the payment by 12/23/2013 as outlines under our "Payment Terms" agreement.

Thank you for your business,

Randal Owen

This e-mail has been sent from an automated system.  PLEASE DO NOT REPLY.

The information contained in this message may be privileged, confidential and protected from disclosure. If the reader of this message is not the intended recipient, or an employee or agent responsible for delivering this message to the intended recipient, you are hereby notified that any dissemination, distribution or copying of this communication is strictly prohibited. If you have received this communication in error, please notify your representative immediately and delete this message from your computer. Thank you. 

Attached to the message is a file Invoice.zip, which has a VirusTotal detection rate of 5/44. It contains a malicious executable, Invoice.exe, with a detection rate of 5/49.

Automated analysis [1] [2] [3] shows an attempted connection to wifordgallery.com on (Hosting Services Inc, US). It appears to be the only domain on that server, so blocking the IP or the domain itself may give you some protection against this current run of malware.

1 comment:

gail hart said...

New one as of today now an eviction notice, let them try as I rent from my parents who own the house. LOL