Sponsored by..

Tuesday, 8 October 2013

Fake Well Fargo spam comes with a malicious attachment / lasub-hasta.com

This fake Wells Fargo spam is a retread of this one, but comes with a slightly different attachment:

Date:      Mon, 7 Oct 2013 19:56:29 +0100 [10/07/13 14:56:29 EDT]
From:      "Harry_Buck@wellsfargo.com" [Harry_Buck@wellsfargo.com]
Subject:      Documents - WellsFargo

Please review attached files.

Harry_Buck
Wells Fargo Advisors
817-487-2882 office
817-683-6287 cell Harry_Buck@wellsfargo.com

Investments in securities and insurance products are:
NOT FDIC-INSURED/NO BANK-GUARANTEES/MAY LOSE VALUE

Wells Fargo Advisors, LLC is a nonbank affiliate of Wells Fargo & Company, Member
FINRA/SIPC. 1 North Jefferson, St. Louis, MO 63103

CONFIDENTIAL NOTICE: The contents of this message, including any attachments, are
confidential and are intended solely for the use of the person or entity to whom the
message was addressed. If you are not the intended recipient of this message, please be
advised that any dissemination, distribution, or use of the contents of this message is
strictly prohibited. If you received this message in error, please notify the sender.
Please also permanently delete all copies of the original message and any attached
documentation. Thank you. 
Attached is a ZIP file containing a malicious EXE file. The VirusTotal detection rate is a fairly healthy 27/48. Automated analysis [1] [2] [3] shows that the malware tries to phones home to lasub-hasta.com  on 205.251.152.178 (Global Net Access, US). A quick look at that server shows that it has several hundred sites on, most of which are probably legitimate.. but there is a great deal of suspect activity on this server which you might want to take into account if you are thinking of blocking this IP.

2 comments:

Joy kumar saha SEO expert said...

Hey , Admin

Your blog decorated on '' Educational Program '' that I entered your blog .From this blog , I learned more strategy about learning . Truly , I saluted your blog . Free installing of anti-virus products of Auto dialer software? Absolutely they can't be as reliable as compensated programs? With freebies, where's the guarantee? If this is what you think, you couldn't be further from the truth. Some 100 % free anti-virus programs are actually better than compensated items. I'm not going to name any names of compensated programs which did not compare so well in tests - but be confident, it's true.

Thank you for your Fairness Blog .

Peter Kruse said...

The attached file is Upatre a downloader which fetches and installs ZeuS P2P from the server over SSL.