From: Logistics Express [admin@ups.com]
Subject: Re: Changelog 2011 update
Hi,
as promised changelog,
Michaud Abran
VirusTotal detects the payload as Cridex. The malware is resistant to automated analysis tools, but Comodo CAMAS reports the creation of a file, C:\Documents and Settings\User\Application Data\KB00085031.exe, which is pretty distinctive.
If your email filter supports it, I strongly recommend that you configure it to block EXE-in-ZIP files as they are malicious in the vast majority of cases.
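The following is an added example, not part of the original post, of the EXE-in-ZIP check recommended above. It goes slightly further than a plain extension match by also flagging MZ headers behind other extensions, encrypted members and nested archives. The extension list, the size and depth limits, and the build_zip helper for making test archives are assumptions to adapt to your own filter.

```python
import io
import zipfile

# Extensions Windows will run directly; an assumed list, extend to suit policy.
EXEC_EXTS = {".exe", ".scr", ".com", ".pif", ".bat", ".cmd", ".cpl"}
MAX_DEPTH = 3          # stop descending into nested archives after this many levels
MAX_MEMBER = 20 << 20  # do not inflate members declared larger than 20 MiB


def build_zip(members):
    """Build an in-memory ZIP from {name: bytes}; only used to construct samples."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for name, body in members.items():
            zf.writestr(name, body)
    return buf.getvalue()


def find_executables(data, depth=0, prefix=""):
    """Return reasons to block a ZIP attachment; an empty list means none found."""
    try:
        zf = zipfile.ZipFile(io.BytesIO(data))
    except zipfile.BadZipFile:
        return [prefix + "<unreadable zip>"]
    hits = []
    with zf:
        for info in zf.infolist():
            if info.is_dir():
                continue
            path = prefix + info.filename
            name = info.filename.lower().rstrip(". ")  # Windows drops trailing dots/spaces
            if info.flag_bits & 0x1:  # encrypted member: contents cannot be inspected
                hits.append(path + " (encrypted)")
                continue
            if any(name.endswith(ext) for ext in EXEC_EXTS):
                hits.append(path + " (extension)")
                continue
            if info.file_size > MAX_MEMBER:
                hits.append(path + " (too large to inspect)")
                continue
            body = zf.read(info)
            if body[:2] == b"MZ":  # DOS/PE header hidden behind another extension
                hits.append(path + " (MZ header)")
            elif body[:4] == b"PK\x03\x04":  # nested ZIP: scan it too, up to MAX_DEPTH
                if depth + 1 >= MAX_DEPTH:
                    hits.append(path + " (nesting too deep)")
                else:
                    hits += find_executables(body, depth + 1, path + "!")
    return hits
```

Treat any non-empty result as grounds to quarantine the message; an unreadable or encrypted archive is reported as well because the filter cannot see inside it.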