Sponsored by..

Tuesday, 19 January 2016

Malware spam: "More scans" / admin / DOC201114-201114-001.DOC

This fake scanned document appears to come from admin@ the victim's own domain. There is no body text in the email.

From:    admin [admin@victimdomain.tld]
Date:    19 January 2016 at 09:42
Subject:    More scans
I have seen just a single sample with a document named DOC201114-201114-001.DOC which has a detection rate of 4/53 and which according to this Malwr report downloads from:


This download location was used in this earlier spam run but the payload has now changed, however it is still the Dridex banking trojan.


Marco Hass said...

Could you find out the reason for sending the e-mail? I received yesterday in my domain the same mail.

Jim O said...

Thanks for this. Received same email this morning and presumed my website had been hacked.

pristine said...

I have been receiving numerous emails like this, accidentally opened one of the attachments on my iOS mobile.
any ideas on what to do next?

Conrad Longmore said...

@pristine - this impacts Windows-based PCs only, your iPhone thingie should be OK>