
Thursday 17 December 2015

Malware spam: "James Wheatley sent you an document file!" / wheatjam@gmail.com

Poor old James Wheatley is a real person who must have pissed off some Russians somewhere (perhaps it is a Joe Job). This fake WhatsApp spam in his name has a malicious attachment.

From:    James Wheatley [wheatjam@gmail.com]
Date:    17 December 2015 at 09:50
Subject:    James Wheatley sent you an document file!

---
---
Sent by WhatsApp

There seem to be a few variants of the attachment. These have a detection rate of about 4/55 [1] [2], and analysis of those two examples [3] [4] shows that they download a malicious binary from:

www.nz77.de/65dfg77/kmn653.exe
old.durchgegorene-weine.de/65dfg77/kmn653.exe


This payload is the same as the one found in this spam run earlier today.
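
To check whether anything on your network fetched the payload, the two download locations above can be matched against web-proxy logs. The following is an added example, not part of the original post: the log format and the sample lines are constructed, and flagging the same path on other hosts is a hunting assumption based only on the two URLs sharing it.

```python
# Added example: hunt for the download URLs from this post in web-proxy logs.
from urllib.parse import urlsplit

# Indicators taken from the post above.
IOC_HOSTS = {"www.nz77.de", "old.durchgegorene-weine.de"}
IOC_PATH = "/65dfg77/kmn653.exe"

# Constructed sample lines (assumed format: time, client IP, method, URL, status).
SAMPLE_LOG = """\
2015-12-17T09:58:02Z 10.0.4.21 GET http://www.nz77.de/65dfg77/kmn653.exe 200
2015-12-17T09:58:40Z 10.0.4.33 GET http://OLD.durchgegorene-weine.de:80/65dfg77/kmn653.exe?x=1 200
2015-12-17T10:01:12Z 10.0.7.5 GET http://example.org/65dfg77/kmn653.exe 404
2015-12-17T10:02:30Z 10.0.7.9 GET http://www.nz77.de/index.html 200
2015-12-17T10:03:00Z 10.0.7.9 CONNECT example.com:443 200
garbage line
"""

def classify(url):
    """Return 'exact', 'path-only' or None for one requested URL."""
    if "://" not in url:
        url = "http://" + url              # proxies often log scheme-less URLs
    parts = urlsplit(url)
    # .hostname is already lower-cased and has the port stripped
    host = (parts.hostname or "").rstrip(".")
    if parts.path != IOC_PATH:             # query string is ignored
        return None
    # Same path on an unlisted host: flag for review (assumption, see lead-in).
    return "exact" if host in IOC_HOSTS else "path-only"

def hunt(log_text):
    """Return (client_ip, url, verdict) for every matching log line."""
    hits = []
    for line in log_text.splitlines():
        fields = line.split()
        if len(fields) != 5:
            continue                       # skip lines not in the assumed format
        _, client, _, url, _ = fields
        verdict = classify(url)
        if verdict:
            hits.append((client, url, verdict))
    return hits

if __name__ == "__main__":
    for client, url, verdict in hunt(SAMPLE_LOG):
        print(f"{verdict:9} {client:12} {url}")
```

Any client with an "exact" hit and a 200 status received the binary and should be treated as potentially infected.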


2 comments:

Unknown said...

Wow that's spooky. Just Googled James Wheatley's email address as I was obviously suspicious and first result is your blog. Hope you and the family are well. Regards, Mike W (Avantime)

Conrad Longmore said...

:)
If they wanted to target us they should send out an email with "free Avantime centre caps" in the subject..