
Wednesday 9 October 2013

"Annual Form - Authorization to Use Privately Owned Vehicle on State Business" spam / warehousesale.com.my

This oddly-themed spam has a malicious attachment:

Date:      Tue, 8 Oct 2013 11:49:49 -0600 [10/08/13 13:49:49 EDT]
From:      Waldo Reeder [Waldo@victimdomain.com]
Subject: Annual Form - Authorization to Use Privately Owned Vehicle on State Business

All employees need to have on file this form STD 261 (attached).  The original is
retained by supervisor and copy goes to Accounting. Accounting need this form to approve
mileage reimbursement.

The form can be used for multiple years, however it needs to re-signed annually by
employee and supervisor.

Please confirm all employees that may travel using their private car on state business
(including training) has a current STD 261 on file.  Not having a current copy of this
form on file in Accounting may delay a travel reimbursement claim.

There is a ZIP file attached which includes the victim's domain name as part of the filename. Inside is an executable file with an icon to make it look like a PDF file, and the date is encoded into the filename.
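
One way a mail gateway could test an attachment for the traits described above, as an added example that is not part of the original post. The archive and member names, the digit-run date format and the sample ZIP are constructed assumptions, since the post does not give the actual filenames.

```python
import io
import re
import zipfile

EXECUTABLE_EXTS = (".exe", ".scr", ".com", ".pif", ".cpl")

def build_sample_zip():
    """Constructed, inert sample: a ZIP holding an MZ-headed member and a text file."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("Form_10082013.exe", b"MZ\x90\x00" + b"\x00" * 60)  # hypothetical name
        zf.writestr("readme.txt", b"constructed benign member")
    return buf.getvalue()

def inspect_attachment(filename, data, recipient_domain):
    """Return the reasons a ZIP attachment matches the lure described in the post."""
    findings = []
    # Trait 1: the archive name embeds the recipient's own domain (first label).
    label = recipient_domain.split(".")[0].lower()
    if label and label in filename.lower():
        findings.append("archive name contains recipient domain")
    try:
        zf = zipfile.ZipFile(io.BytesIO(data))
    except zipfile.BadZipFile:
        return findings + ["not a readable ZIP"]
    with zf:
        for info in zf.infolist():
            name = info.filename.lower()
            try:
                with zf.open(info) as member:
                    magic = member.read(2)
            except RuntimeError:  # raised for password-protected members
                magic = b""
                findings.append(f"encrypted member: {info.filename}")
            # Trait 2: a PE file. The PDF icon is cosmetic; the MZ header is not.
            if magic == b"MZ" or name.endswith(EXECUTABLE_EXTS):
                findings.append(f"executable member: {info.filename}")
            # Trait 3: a date-like digit run in the member name (assumed format).
            if re.search(r"\d{6,8}", name):
                findings.append(f"date-like digits in name: {info.filename}")
    return findings
```

Matching on the first domain label is deliberately loose, so treat that finding as a scoring signal alongside the executable check rather than as a verdict on its own.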

VirusTotal detections are not bad at 25/48. Automated analysis [1] [2] [3] shows an attempted connection to warehousesale.com.my hosted on (Exa Bytes Network, Malaysia). There are no other sites on that server that I can see and I recommend that you block both the IP and domain as a precaution.

Recommended blocklist:


Joy kumar saha SEO expert said...

Hey, Blogger

Your blog posted on "Business Act" that I am reading your blog. I got more tips by this your blog. Absolutely, I loved your blog. Trojans are just as sinister as malware and malware. They are small programs that masquerade as something useful, but in fact are available to steal details from your PC. Malwarebytes Anti-Malware is recommended by many as supreme in Trojan detection and removal. With the 100% free edition you have to update it manually whenever you use it, but the compensated edition (which does not price a lot) keeps itself automatically modified. Search your Online backup service

Thanks for your Attractive Blog.

Josef Kame said...

Great tips. Very well-written, keyword-oriented and incredibly useful. It's really interesting to many readers. I really appreciate this, thanks
Business consultancy dorset
Business funding dorset