
Wednesday, 16 October 2013

LinkedIn spam / Contract_Agreement_whatever.zip

This fake LinkedIn spam has a malicious attachment:

Date:      Wed, 16 Oct 2013 11:57:55 -0600 [13:57:55 EDT]
From:      Shelby Gordon [Shelby@linkedin.com]

Attached is your new contract agreements.

Please read the notes attached, then complete, sign and return this form.

Shelby Gordon
Contract Manager
Online Division - LinkedIn
Shelby.Gordon@linkedin.com
Office: 302-449-8859 Ext. 33
Direct: 302-184-9426

This email was intended for dynamoo@spamcop.net.
© 2013, LinkedIn Corporation. 2029 Stierlin Ct. Mountain View, CA 94043, USA 

The attachment has the format Contract_Agreement_recipientname.zip and in turn contains a malicious executable Contract_Agreement_10162013.exe (note the date encoded into the filename). VirusTotal detections are 10/48.

Automated analysis tools [1] [2] [3] show an attempted connection to miamelectric.com on 209.236.71.58 (Westhost, US). I recommend that you block outbound traffic to that particular domain.
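A mail-gateway style check for the attachment naming described above, as an added example that is not part of the original post. The function names are hypothetical, "recipientname" is assumed to be the local part of the recipient address, and the extensions other than .exe are an assumed generalization.

```python
import io
import re
import zipfile
from datetime import datetime

# Member pattern from the sample above: Contract_Agreement_<MMDDYYYY>.exe
# (.scr/.com/.pif are an assumption, not seen on the page)
MEMBER_RE = re.compile(r"^Contract_Agreement_(\d{8})\.(exe|scr|com|pif)$", re.I)
ARCHIVE_RE = re.compile(r"^Contract_Agreement_(.+)\.zip$", re.I)


def inspect_attachment(filename, data, recipient):
    """Return the reasons an attachment matches this campaign's lure."""
    reasons = []
    m = ARCHIVE_RE.match(filename)
    if m:
        # Assumption: the archive is personalised with the address local part.
        local_part = recipient.split("@", 1)[0]
        if m.group(1).lower() == local_part.lower():
            reasons.append("archive named after recipient")
    try:
        zf = zipfile.ZipFile(io.BytesIO(data))
    except zipfile.BadZipFile:
        return reasons  # not a readable zip, nothing more to inspect
    with zf:
        for info in zf.infolist():
            name = info.filename.rsplit("/", 1)[-1]  # ignore directories
            hit = MEMBER_RE.match(name)
            if not hit:
                continue
            try:
                sent = datetime.strptime(hit.group(1), "%m%d%Y").date()
                reasons.append(f"dated executable {name} ({sent.isoformat()})")
            except ValueError:
                # Eight digits that are not a valid calendar date
                reasons.append(f"executable {name} with lure prefix")
    return reasons


def build_sample(member_name):
    """Constructed test input: a zip holding one harmless placeholder file."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr(member_name, b"placeholder, not an executable")
    return buf.getvalue()
```

An empty list means no match; any non-empty result is a reason to quarantine the message for review.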
