Sponsored by..

Tuesday 6 January 2015

"PAYMENT ADVICE 06-JAN-2015" malware spam

This spam has a malicious attachment:
From:    Celeste , Senior Accountant
Date:    6 January 2015 at 10:13
Subject:    PAYMENT ADVICE 06-JAN-2015

Dear all,

Payment has been made to you in amount GBP 18898,28 by BACS.

See attachment.

Regards,

Celeste
Senior Accountant

I have only seen one sample so far, with a document BACS092459_473.doc which has a VirusTotal detection rate of 0/56 and which contains this macro [pastebin] which attempts to download an additional component from:

http://206.72.192.15:8080/mans/pops.php

This is exactly the same file as seen in this parallel spam run today and it has the same characteristics.

1 comment:

Simon said...

Here is one as well

https://www.virustotal.com/en/file/60f177a568bcfe84f7480c6328c5be80b3f8414c244f9517072f77ae530062b1/analysis/1420550338/

we seem to be getting a stream of them through 0365