
Wednesday, 23 November 2016

Malware spam: "financial records subpoena" / lawfirmofoklahoma.com

This spam purports to come from Michael T Diver, who is a real Oklahoma attorney, but it doesn't really and is just a simple forgery:

From:    MICHAEL T. DIVER [michael -at- lawfirmofoklahoma.com]
Date:    23 November 2016 at 15:24
Subject:    RE:RE: financial records subpoena

See you in court !!!

Subpoena for server

Thank you,

MICHAEL T. DIVER

T (405) 608-4990

F (405) 608-4991
The telephone number and potentially also the email address are genuine, but the messages are certainly not being sent from this law firm.

The link in the email goes to a legitimate but hacked Vietnamese site at techsmart.vn/backup2/get.php?id=[base64-encoded-part] (the last part is a Base64 representation of the victim's email address).

In testing, the payload site was down, but previous emails of this type have led to the Vawtrak banking trojan.
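
An added example, not part of the original post: a mail-filter style check that flags links carrying the recipient's own address as a Base64 query value, as the get.php?id= links described above do. The host names and address are constructed placeholders, and the function names are this example's own.

```python
import base64
import re
from urllib.parse import parse_qsl, urlsplit

EMAIL_RE = re.compile(r"[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+\.[A-Za-z]{2,}")


def decode_b64_email(value):
    """Return the e-mail address Base64-encoded in value, or None."""
    # parse_qsl turns '+' into ' '; also accept the URL-safe alphabet
    # and restore any '=' padding that was stripped from the link.
    cand = value.replace(" ", "+").replace("-", "+").replace("_", "/")
    cand += "=" * (-len(cand) % 4)
    try:
        text = base64.b64decode(cand, validate=True).decode("ascii")
    except ValueError:  # binascii.Error and UnicodeDecodeError subclass it
        return None
    return text if EMAIL_RE.fullmatch(text) else None


def tracked_addresses(url):
    """Map query parameter name -> e-mail address it decodes to."""
    if "://" not in url:
        url = "http://" + url  # links in body text often omit the scheme
    found = {}
    for name, value in parse_qsl(urlsplit(url).query):
        email = decode_b64_email(value)
        if email:
            found[name] = email
    return found


def flag_links(recipient, urls):
    """Return the URLs that embed this recipient's own address."""
    want = recipient.lower()
    return [u for u in urls
            if want in (e.lower() for e in tracked_addresses(u).values())]


# Constructed sample: placeholder hosts and address, path shape from the post.
SAMPLE_URLS = [
    "compromised-site.example/backup2/get.php?id=dXNlckBleGFtcGxlLmNvbQ==",
    "http://news.example/article.php?id=12345&page=home",
]

if __name__ == "__main__":
    for hit in flag_links("user@example.com", SAMPLE_URLS):
        print("recipient address embedded in link:", hit)
```

A link that embeds the recipient's address is not proof of malice on its own (legitimate bulk mailers do it too), so this works best as one signal alongside sender forgery checks.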

1 comment:

Troy Dawes said...

Not a lawyer, but you can't be served a subpoena by email. 1st red flag for me.