From: Tariq Bashir firstname.lastname@example.org
Reply-To: Tariq Bashir [email@example.com]
Date: 15 February 2014 11:03
Subject: Account Credited
I am sorry for my late response; our bank has credited 50% of the total amount on the invoice to your bank account; the balance will be paid against BOL.
Find attached Bank TT and update us on delivery schedule.
Remal Al Emarat Travel & Tourism L.L.C.
Al Muteena Street, Salsabeel Building, 103
P.O. Box 56260, Dubai, UAE
Tel: +971 4 271 54 06
Fax: +971 4 271 50 65
Mobile: +971 50 624 62 05
The spam email originates from 188.8.131.52 (mail.giki.edu.pk) and carries a malicious attachment, TTCOPY.jar, which is a Java application: it will run with the user's full privileges on any machine that has a Java runtime installed, as soon as the recipient opens it. It has a VirusTotal detection rate of 12/50, and the Malwr analysis reports an attempted connection to clintiny.no-ip.biz on 184.108.40.206 (GloboTech, Canada / MaXX Ltd, Germany). Note that no-ip.biz is a dynamic DNS service, so the hostname can be re-pointed to a different address at any time; block the hostname as well as the IP.
Although a JAR attachment is an unusual lure, Java-based attacks are one of the main ways an attacker will gain access to your system. I strongly recommend uninstalling Java if you have it installed.
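Since not every user can uninstall Java, the other place to stop this lure is the mail gateway. As an added example (not code from the original post), here is a Python check that flags any attachment that is a runnable JAR, whether or not it is named .jar: it looks for the ZIP signature and a META-INF/MANIFEST.MF with a Main-Class entry rather than trusting the filename or declared MIME type. The message and the JAR it builds are constructed samples modelled on the lure above, not the real TTCOPY.jar; the addresses are placeholders.

```python
import io
import zipfile
from email import policy
from email.message import EmailMessage
from email.parser import BytesParser

ZIP_MAGIC = b"PK\x03\x04"


def is_executable_jar(data: bytes) -> bool:
    """True if the bytes are a ZIP archive whose manifest names a Main-Class,
    i.e. a JAR that 'java -jar' or a double-click will execute directly.
    A library JAR or an ordinary ZIP (no Main-Class) is not flagged."""
    if not data.startswith(ZIP_MAGIC):
        return False
    try:
        with zipfile.ZipFile(io.BytesIO(data)) as zf:
            if "META-INF/MANIFEST.MF" not in zf.namelist():
                return False
            manifest = zf.read("META-INF/MANIFEST.MF").decode("utf-8", "replace")
    except zipfile.BadZipFile:
        return False
    return any(line.lower().startswith("main-class:") for line in manifest.splitlines())


def scan_message(raw: bytes) -> list:
    """Parse a raw RFC 5322 message and return one finding per attachment that is
    a runnable JAR, regardless of the filename or Content-Type the sender chose."""
    msg = BytesParser(policy=policy.default).parsebytes(raw)
    findings = []
    for part in msg.iter_attachments():
        payload = part.get_payload(decode=True) or b""
        if is_executable_jar(payload):
            findings.append({
                "filename": part.get_filename(),
                "content_type": part.get_content_type(),
                "size": len(payload),
            })
    return findings


def build_fake_jar(main_class=None) -> bytes:
    """Constructed sample: a minimal JAR containing only a manifest and a stub
    class entry (class-file magic, no real bytecode). With main_class=None the
    manifest has no Main-Class, which is what a library JAR looks like."""
    lines = ["Manifest-Version: 1.0"]
    if main_class:
        lines.append(f"Main-Class: {main_class}")
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("META-INF/MANIFEST.MF", "\r\n".join(lines) + "\r\n\r\n")
        zf.writestr("Stub.class", b"\xca\xfe\xba\xbe")
    return buf.getvalue()


def build_sample_email(attachment_name: str, data: bytes) -> bytes:
    """Constructed sample message modelled on the lure above; addresses are placeholders."""
    msg = EmailMessage()
    msg["From"] = "sender@example.invalid"
    msg["To"] = "victim@example.invalid"
    msg["Subject"] = "Account Credited"
    msg.set_content("Find attached Bank TT and update us on delivery schedule.")
    # Declared as a generic binary, as a spammer would, to show the scanner ignores the MIME type.
    msg.add_attachment(data, maintype="application", subtype="octet-stream",
                       filename=attachment_name)
    return msg.as_bytes()


if __name__ == "__main__":
    jar = build_fake_jar("TTCOPY")
    for name in ("TTCOPY.jar", "TT_copy.pdf"):
        print(name, scan_message(build_sample_email(name, jar)))
```

The renamed case matters in practice: the same archive sent as TT_copy.pdf is still flagged, because the check reads the container, not the name. A real gateway rule would quarantine on any finding and log the sender IP alongside it.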
I can find two highly suspect IP blocks belonging to MaXX Ltd which I recommend blocking, along with the domains specified below: