Sponsored by..

Tuesday, 19 January 2016

Malware spam: "More scans" / admin / DOC201114-201114-001.DOC

This fake scanned document appears to come from admin@ the victim's own domain. There is no body text in the email.

From:    admin [admin@victimdomain.tld]
Date:    19 January 2016 at 09:42
Subject:    More scans
I have seen just a single sample with a document named DOC201114-201114-001.DOC which has a detection rate of 4/53 and which according to this Malwr report downloads from:


www.cnbhgy.com/786585d/08g7g6r56r.exe


This download location was used in this earlier spam run but the payload has now changed, however it is still the Dridex banking trojan.

4 comments:

Marco Hass said...

Could you find out the reason for sending the e-mail? I received yesterday in my domain the same mail.

Jim O said...

Thanks for this. Received same email this morning and presumed my website had been hacked.

pristine said...

I have been receiving numerous emails like this, accidentally opened one of the attachments on my iOS mobile.
any ideas on what to do next?

Conrad Longmore said...

@pristine - this impacts Windows-based PCs only, your iPhone thingie should be OK>