From: Megtrade groups [firstname.lastname@example.org]
Date: 10 February 2015 at 15:47
Subject: RE: Purchase Order Copy
I just got back from business trip, Please find attached our purchasing order let us know price so as to confirm sample with your company.
You give us your payment terms but note our company payment policy 30% prepayment after confirming proforma invoice from you and the balance against copy of B/L.
Kindly treat as urgent and send invoice, I await to have your urgent reply to proceed.
Thanks & Best regards,
NZ Megtrade Groups Ltd
Download Attachment As zip

Unusually, this email does not appear to be sent out by a botnet but has been sent through Gmail. The link in the email goes to www.ebayonline.com.ng/download/ohafi/jfred/Purchase%20Order%20Copy_pdf.7z where it downloads a file Purchase Order Copy_pdf.7z which (if you have 7-Zip installed) uncompresses to the trickily-named (1) Purchase Order Copy.pdf ___________________ (2) Delivery Time and Packing.pdf _______________________ _____ Adobe Reader.pdf or in .exe
As you might expect, this is malicious in nature and has a VirusTotal detection rate of 34/57. The Malwr analysis indicates that this installs a keylogger among other things.
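
The naming trick described above (document-looking names, long padding, and the real .exe extension at the far end) can be checked for mechanically when archive member names are listed before extraction. The following is an added example, not code from the original post; the extension lists, the padding threshold, the function names and the sample name are assumptions constructed for illustration.

```python
import re

# Assumed lists for this example; tune them to your environment.
EXECUTABLE_EXTS = {"exe", "scr", "com", "pif", "bat", "cmd", "js", "vbs"}
DECOY_EXTS = {"pdf", "doc", "docx", "xls", "xlsx", "jpg", "txt"}

# A long run of spaces/underscores that pushes the real extension out of view.
# The threshold of 8 characters is an assumption.
PADDING_RUN = re.compile(r"[ _]{8,}")
EMBEDDED_EXT = re.compile(r"\.([A-Za-z0-9]{2,5})\b")


def deceptive_name_reasons(name):
    """Return the reasons a file name looks disguised (empty list = not flagged)."""
    stem, dot, ext = name.rpartition(".")
    if not dot or ext.strip().lower() not in EXECUTABLE_EXTS:
        return []  # only names that really end in an executable extension matter here
    reasons = []
    if any(e.lower() in DECOY_EXTS for e in EMBEDDED_EXT.findall(stem)):
        reasons.append("decoy-extension")  # e.g. ".pdf" appears before the real ".exe"
    if PADDING_RUN.search(stem):
        reasons.append("padding-run")
    return reasons


def flag_members(names):
    """Map each suspicious archive member name to its reasons."""
    flagged = {}
    for n in names:
        reasons = deceptive_name_reasons(n)
        if reasons:
            flagged[n] = reasons
    return flagged


# Constructed sample modelled on the name quoted in the post; run lengths are illustrative.
SAMPLE = ("(1) Purchase Order Copy.pdf " + "_" * 19 + " (2) Delivery Time and Packing.pdf "
          + "_" * 23 + " " + "_" * 5 + " Adobe Reader.pdf or in .exe")

if __name__ == "__main__":
    for name, why in flag_members([SAMPLE, "Invoice.pdf", "setup.exe"]).items():
        print(f"{why}: {name!r}")
```

A plain setup.exe is not flagged, because the check targets disguised names rather than executables in general; blocking executables inside archives outright is a separate policy decision.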