Date: Fri, 25 Oct 2013 13:55:41 +0200 [07:55:41 EDT]
From: LloydsTSB [noreply@lloydstsb.co.uk]
Subject: You have received a new debit
Priority: High Priority 1 (High)

This is an automatically generated email by the Lloyds TSB PLC LloydsLink online payments Service.
The details of the payment are attached.
============================================================================
This e-mail (including any attachments) is private and confidential and may contain privileged material. If you have received this e-mail in error, please notify the sender and delete it (including any attachments) immediately. You must not copy, distribute, disclose or use any of the information in it or any attachments.

Attached is a zip file in the format Report_recipientname.zip which in turn contains a malicious executable Report_10252013.exe (note the date is encoded into the filename). The file has an icon to make it look like a PDF file, but it isn't.

The VirusTotal detection rate is a so-so 13/47. Automated analysis [1] [2] shows an attempted connection to www.baufie.com on 173.203.199.241 (Rackspace, US). Often these callbacks indicate a completely compromised server, so it may be possible that there are other sites being abused on the same box.
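
As an added example (not part of the original post), here is a Python triage check for the attachment pattern described above: it flags zip members that begin with an MZ executable header or follow the Report_<MMDDYYYY>.exe naming. The function names and the in-memory sample archive are constructed for illustration, and the sample holds only an MZ stub padded with zero bytes, not the malware.

```python
import io
import re
import zipfile
from datetime import date

# Naming from the post: Report_<recipient>.zip holding Report_<MMDDYYYY>.exe
DATED_EXE = re.compile(r"^Report_(\d{2})(\d{2})(\d{4})\.exe$", re.IGNORECASE)


def inspect_zip(zip_bytes):
    """Return [(member_name, [reasons])] for suspicious members of a zip attachment."""
    findings = []
    with zipfile.ZipFile(io.BytesIO(zip_bytes)) as zf:
        for info in zf.infolist():
            if info.is_dir():
                continue
            reasons = []
            if info.flag_bits & 0x1:
                reasons.append("encrypted member, content not inspected")
            else:
                # Check the content, not the icon or extension shown to the user
                with zf.open(info) as fh:
                    if fh.read(2) == b"MZ":
                        reasons.append("MZ executable header")
            m = DATED_EXE.match(info.filename.rsplit("/", 1)[-1])
            if m:
                try:
                    mm, dd, yyyy = (int(g) for g in m.groups())
                    reasons.append("date-encoded name " + date(yyyy, mm, dd).isoformat())
                except ValueError:
                    pass  # eight digits that are not a real calendar date
            if reasons:
                findings.append((info.filename, reasons))
    return findings


def build_sample(member, data):
    """Build a constructed, harmless zip in memory for the demo."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr(member, data)
    return buf.getvalue()


if __name__ == "__main__":
    sample = build_sample("Report_10252013.exe", b"MZ" + b"\x00" * 62)
    for name, reasons in inspect_zip(sample):
        print(name, "->", "; ".join(reasons))
```

Because the header check reads the file content, an executable renamed to look like a document is still flagged even when the filename pattern changes.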
1 comment:
Generally if you report it to Rackspace they actually give a crap, which is nice.