Date: Thu, 24 Oct 2013 15:45:37 +0200 [09:45:37 EDT]The attachment is Resume_LinkedIn.zip which in turn contains a malicious executable Resume_LinkedIn.exe with an icon to make it look like a Word Document rather than an executable.
From: Elijah Parr [Elijah.Parr@linkedin.com]
Subject: My resume
Attached is my resume, let me know if its ok.
Thanks,
Elijah Parr
------------------------
Date: Thu, 24 Oct 2013 19:14:37 +0530 [09:44:37 EDT]
From: Greg Barnes [Greg.Barnes@linkedin.com]
Subject: My resume
Attached is my resume, let me know if its ok.
Thanks,
Greg Barnes
VirusTotal is timing out at the moment, but earlier only one AV engine detected it (Norman). Automated analysis tools [1] [2] show an attempted connection to homevisitor.co.uk on 64.50.166.122 (Lunarpages, US). This server was distributing malware last month too, so we must assume that it is compromised. Blocking that IP address would probably be a good idea as there are several other compromised domains on that same server [1] [2].
4 comments:
I just got one in my spam at 9:45AM
My resume
Jermaine Wilson
Attached is my resume, let me know if its ok.
Thanks,
Jermaine Wilson
Great tips. very well-written, keyword-oriented and incredibly useful. its really interesting to many readers. I really appreciate this, thanks
PPI claims
I was talking to someone and I wasn't paying attention and opened the zip file and clicked to open the file inside when I saw the "exe" extension. I quickly closed the window, but I don't know if the damage was already done. Has anyone opened the exe file completely. Does it display anything or is it all in the background? I have the Microsoft Essentials Anti-virus. I always assumed that it asks for permission to make any changes to the computer with an "exe" file. Is the assumption incorrect?
Post a Comment