Sponsored by..

Thursday 7 November 2013

"You received a voice mail" spam / Voice_Mail.exe

This fake voice mail spam has a malicious attachment:

Date:      Thu, 7 Nov 2013 15:58:15 +0100 [09:58:15 EST]
From:      Microsoft Outlook [no-reply@victimdomain.net]
Subject:      You received a voice mail

You received a voice mail : N_58Q-ILM-94XZ.WAV (182 KB)
   
Caller-Id:
   
698-333-5643
   
Message-Id:
   
80956-84B-12XGU
   
Email-Id:
   
[redacted]

This e-mail contains a voice message.
Double click on the link to listen the message.

Sent by Microsoft Exchange Server


Attached is a zip file in the format Voice_Mail_recipientname.zip which in turn contains a malicious file Voice_Mail.exe which has an icon to make it look like an audio file. VirusTotal detection for that is 7/47 and automated analysis tools [1] [2] show an attempted connection to amazingfloorrestoration.com on 202.150.215.66 (NewMedia Express, Singapore). Note that sometimes other sites on these servers have also been compromised, so if you see any odd traffic to this IP then it could well be malicious.

1 comment:

Jamie said...

Some of the emails had attachments AND malware links too.

Multi-level setup with landing page, 3 .js files, then redirect to exploit site.

http://techhelplist.com/index.php/spam-list/375-you-received-a-voice-mail-virus-and-malware