Date: Mon, 9 Dec 2013 20:32:19 +0800 [07:32:19 EST]
From: Accounts Payable TNT [accounts.payable@tnt.co.uk]
Subject: TNT UK Limited Self Billing Invoice 5321378841

Download the attachment. Invoice will be automatically shown by double click.

Attached is an archive file called TNT UK Self Billing Invoice.zip (VirusTotal detection rate 6/49), which in turn contains a malicious executable, TNT UK Self Billing Invoice.exe (detection rate 6/47), which has an icon that makes it look like a PDF file.
Automated analysis tools [1] [2] [3] show an attempted connection to 2dlife.com on 5.9.182.220 (JoneSolutions.Com, Philippines). I can see only two domains on this server, the other one being 2dlife.fr so I would assume that both are compromised and blocking access to this IP address is the way to go.
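A mail-gateway style check for the kind of attachment described above, as an added example that is not part of the original post: it opens a ZIP in memory and reports members that are Windows executables, judged by MZ header or file extension rather than by the icon the file displays. The archive built in `build_sample()` and the extension list are constructed for illustration.

```python
import io
import os
import zipfile

# Extensions Windows runs on double click (illustrative list, not exhaustive).
EXECUTABLE_EXTS = {".exe", ".scr", ".com", ".pif", ".cpl"}


def executable_members(zip_bytes):
    """Return [(member_name, reason)] for members that look like Windows executables."""
    findings = []
    with zipfile.ZipFile(io.BytesIO(zip_bytes)) as zf:
        for info in zf.infolist():
            if info.is_dir():
                continue
            ext = os.path.splitext(info.filename)[1].lower()
            magic = b""
            # Encrypted members cannot be read without a password,
            # so only the extension check applies to them.
            if not info.flag_bits & 0x1:
                with zf.open(info) as fh:
                    magic = fh.read(2)
            if magic == b"MZ":
                findings.append((info.filename, "MZ header"))
            elif ext in EXECUTABLE_EXTS:
                findings.append((info.filename, "executable extension"))
    return findings


def build_sample():
    """Constructed archive: one stub with an MZ header, one PDF-like member."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("TNT UK Self Billing Invoice.exe", b"MZ" + b"\x00" * 62)
        zf.writestr("Invoice.pdf", b"%PDF-1.4\n% constructed benign member\n")
    return buf.getvalue()


if __name__ == "__main__":
    for name, reason in executable_members(build_sample()):
        print(f"block attachment: {name!r} ({reason})")
```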