Sponsored by..

Thursday 30 January 2014

Fake Vodafone MMS spam comes with a malicious attachment

This fake Vodafone MMS spam comes with a nasty payload:
Date:      Thu, 30 Jan 2014 03:55:04 -0500 [03:55:04 EST]
From:      mms.service6885@mms.Vodafone.co.uk
Subject:      image Id 312109638-PicOS97F TYPE==MMS

Received from: 447219637920 | TYPE=MMS 
Despite the Vodafone references in the header, this message comes from a random infected PC somewhere and not the Vodafone network.

The email doesn't quite render properly in my sample:


The spam is probably preying on the fact that most people have heard of MMS but very rarely use it. Attached is a file IMG0000008849902.zip which in turn contains a malicious executable IMG0000008849902.exe, this has a VirusTotal detection rate of just 2/50.  Automated analysis tools are inconclusive [1] [2] as the sample appears to time out.

No comments: