
Tuesday 29 October 2013

"Division of Unemployment Assistance" spam / attached_forms.exe

This spam comes with a malicious attachment:

Date:      Tue, 29 Oct 2013 11:12:18 -0600 [13:12:18 EDT]
From:      "info@victimdomain" [info@victimdomain]
Subject:      [No Subject]

A former employee(s) of your company or organization recently filed a claim for benefits
with the Division of Unemployment Assistance (DUA). In order to process this claim, DUA
needs information about each former employee. You are requested to:

Provide Wage and Separation information (Form 1062/1074)

And/or

Provide Separation Pay Information

If you do not provide this information, you may lose your right to appeal any
determination made on the claim.
To provide this information electronically, please print attached claim (file) and
complete any outstanding forms.

This message may contain privileged and/or confidential information. Unless you are the
addressee (or authorized to receive for the addressee), you may not use, copy,
disseminate, distribute or disclose to anyone the message or any information contained in
the message.
Attached is a file with the rather long name of case#976179103613297~9392736683167.zip, which contains a malicious executable, attached_forms.exe, with an icon that makes it look like a PDF file. The VirusTotal detections stand at 8/46, and automated analysis [1] [2] shows an attempted connection to bookmarkingbeast.com on 69.26.171.179 (Xeex Communications, US). That's just two IP addresses away from this other Xeex server mentioned here. I strongly suspect that there is a problem with servers in the 69.26.171.176/28 range, so you might want to block those temporarily. This range is suballocated from Xeex to:

%rwhois V-1.5:0000a0:00 rwhois.xeex.com (by Network Connection Canada. V-1.0)
network:auth-area:69.26.160.0/19
network:network-name:69.26.171.176
network:ip-network:69.26.171.176/28
network:org-name:MJB Capital, Inc.
network:street-address:8275 South Eastern Avenue
network:city:Las Vegas
network:state:NV
network:postal-code:89123
network:country-code:US
network:tech-contact:Mark Bunnell
network:updated:2013-05-30 10:01:58
network:updated-by:noc@xeex.com
network:class-name:network
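
A defender-side check for the indicators above, as an added example that is not part of the original post: it scans proxy log lines for destinations inside 69.26.171.176/28 or requests to bookmarkingbeast.com. The log format, the sample lines and the function names are constructed assumptions.

```python
import ipaddress
import re

# Indicators taken from the post above.
SUSPECT_NET = ipaddress.ip_network("69.26.171.176/28")
SUSPECT_DOMAIN = "bookmarkingbeast.com"

# Constructed sample proxy log lines (hypothetical format:
# timestamp client_ip method host dest_ip status).
SAMPLE_LOG = """\
2013-10-29T17:20:01Z 10.0.0.15 GET bookmarkingbeast.com 69.26.171.179 200
2013-10-29T17:20:09Z 10.0.0.22 GET www.example.org 198.51.100.7 200
2013-10-29T17:21:44Z 10.0.0.15 POST cdn.example.net 69.26.171.181 200
2013-10-29T17:22:10Z 10.0.0.31 GET static.example.com 69.26.171.192 304
2013-10-29T17:23:02Z 10.0.0.40 GET WWW.BookmarkingBeast.com. 203.0.113.9 200
malformed line without enough fields
"""

LINE_RE = re.compile(r"^(\S+)\s+(\S+)\s+(\S+)\s+(\S+)\s+(\S+)\s+(\d{3})$")

def host_matches(host, domain=SUSPECT_DOMAIN):
    """True for the domain or any subdomain, ignoring case and a trailing dot."""
    host = host.lower().rstrip(".")
    return host == domain or host.endswith("." + domain)

def find_hits(log_text):
    """Return (client_ip, host, dest_ip, reason) for lines touching the indicators."""
    hits = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # skip lines that do not fit the assumed format
        _ts, client, _method, host, dest, _status = m.groups()
        reasons = []
        try:
            if ipaddress.ip_address(dest) in SUSPECT_NET:
                reasons.append("ip-in-range")
        except ValueError:
            pass  # destination field was not an IP address
        if host_matches(host):
            reasons.append("domain")
        if reasons:
            hits.append((client, host, dest, "+".join(reasons)))
    return hits

if __name__ == "__main__":
    for hit in find_hits(SAMPLE_LOG):
        print(*hit)
```

The /28 covers 69.26.171.176 through 69.26.171.191, so the constructed line for 69.26.171.192 is deliberately just outside the range and is not reported.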



1 comment:

Unknown said...

Thank you once more for another "feel smart, uplifting, that there are smart individuals during this world story". We tend to scan numerous stories that are negative concerning individuals and what they are doing to others. A random act of kindness is often such an excellent issue to listen to concerning. Peace and blessings.

PPI claims