This spam leads to Locky ransomware:
From: Meagan Branch
Date: 27 May 2016 at 12:35
Subject: Information request
Dear [redacted],
As per our discussion yesterday, please find attached the amended meeting minutes.
I have accepted the majority of the changes requested, however there are some that I have left in the document.
I have included the edits as track changes.
Please confirm that the changes we have made are acceptable.
Many thanks
Regards,
Oramed Pharmaceuticals Inc.
Meagan Branch
Phone: +1 (620) 980-41-94
The senders vary from email to email. Attached is a ZIP file with a malicious script, which in the examples that I have found downloads one of a variety of malicious executables
[1] [2] [3] [4] which call home to the same IP addresses found in
this earlier spam run.
No comments:
Post a Comment