Sponsored by..

Thursday, 19 March 2015

Malware spam: "Invoice ID:987654321 in attachment." from random senders

This spam has no body text and a randomly-generated sender name and invoice ID number. Sample subjects include:

Invoice ID:07dda8035 in attachment.
Invoice ID:09bf252 in attachment.
Invoice ID:108df399 in attachment.
Invoice ID:11847972 in attachment.
Invoice ID:156a35519 in attachment.
Invoice ID:16bb539 in attachment.
Invoice ID:16de0833 in attachment.
Invoice ID:17ff9887 in attachment.
Invoice ID:19b5b30 in attachment.

Sample senders:

Angelia Oliver
Annette Hunter
Austin Bennett
Belinda Cameron
Brittney Dixon
Buster Nolan
Candace Bowers
Christian Kemp
Clarissa Gentry
Cruz Mcintosh
Doug Haney
Dylan Poole
Erwin Hale
Gordon Downs
Hallie Neal
Oscar Bradshaw
Reyna Carver
Rosalie Acevedo
Sid Alston
Sophia Scott
Tanner Puckett
Tia Kline
Trudy Hensley
Valerie Delaney
Ivy Stokes
Jeanie Frye
Karin Frank
Kayla Travis
Mai Rowland
Marilyn Fleming
Minerva Glover

The Word document contains an embedded OLE object that leads to a malicious VBA macro. The payload is exactly the same as the one used in this attack.

1 comment:

Dan.F said...

Link to the other attack with same payload appears to be broken.