Wednesday, 29 January 2014

"Voice Message from Unknown" spam (again)

This fake voice message spam comes with a malicious attachment:

Date:      Wed, 29 Jan 2014 14:45:36 +0100 [08:45:36 EST]
From:      Administrator [docs0@victimdomain.net]
Subject:      Voice Message from Unknown (644-999-4348)

 Unity Messaging System

- - -Original Message- - -

From: 644-999-4348

Sent: Wed, 29 Jan 2014 14:45:36 +0100

To: [redacted]

Subject: Important Message to All Employees

Attached is an archive, Message.zip, which in turn contains a malicious executable, VoiceMessage.exe, which has a VirusTotal detection rate of just 6/50. Automated analysis tools [1] [2] [3] show attempted connections to kitchenrescue.com on (iWeb, Canada) and ask-migration.com on (Softlayer, US). In particular, it attempts to download some sort of encrypted file, [donotclick]kitchenrescue.com/login.kitchenrescue.com/images/items/wav.enc, which I have not been able to identify.

neminem said...

So this is weird - I just got an email that was clearly something weird, and I wanted to know its deal, so I googled. Here's the thing: it looks like this, but it has an actual wav file attached. Just to be on the safe side (someone could've found an exploit in wav playback or something), I converted it to an mp3 before listening to it - it seems to be an actual message left for someone? Certainly not one for me, but it was a legitimate sound file. My only thought is that the return number itself does something scammy, and they're hoping you'll call them back to tell them they got the wrong number?