Date: Wed, 4 Dec 2013 08:24:02 -0500 [08:24:02 EST]Attached is a file FMS-Case-CWK8SSU4K6CN852.zip which in turn contains a malicious executable FMS-Case.exe which has a VirusTotal detection rate of 7/49. Automated analysis tools [1] [2] show an attempted connection to worldofchamps.com on 198.1.78.171 (Websitewelcome, US) and a download from [donotclick]deshapran.com/img/deshp.exe on 182.18.143.140 (Pioneer eLabs, India). This second part has a VirusTotal detection rate of 6/47, although automated analysis tools are inconclusive. I recommend blocking both those domains.
From: "support@salesforce.com" [support@salesforce.com]
Subject: Department of Treasury Notice of Outstanding Obligation - Case CWK8SSU4K6CN852
Important please review and sign the attached document!
We have received notification from the Department of the Treasury,
Financial Management Service (FMS) that you have an outstanding
obligation with the Federal Government that requires your immediate
attention.
In order to ensure this condition does not affect any planned
contract or grant activity, please review and sign the attached document and if
you are unable to understand the attached document please call FMS at 1-800-304-3107
to address this issue. Please make sure the person making the telephone call has the
Taxpayer Identification Number available AND has the authority/knowledge
to discuss the debt for the contractor/grantee.
Questions should be directed to the Federal Service Desk at:
http://www.bpn.gov/ccr/Help.aspx
Phone : 1-866-606-6762
Int. Phone 1-344-206-6275 for international calls
For DSN, dial 809-463-9774. Wait for a dial tone, and then dial 866-606-4580.
Wednesday, 4 December 2013
"Department of Treasury Notice of Outstanding Obligation" spam / FMS-Case.exe
This spam says Salesforce.com at the top but the rest is allegedly from some US Government department or other (pay attention people!). Anyway, it has a malicious attachment.
Labels:
EXE-in-ZIP,
Malware,
Spam
Subscribe to:
Post Comments (Atom)
No comments:
Post a Comment