
Thursday 23 January 2014

"Legal Business Proposal" spam has a malicious attachment

This email looks like it should be an advance fee fraud, but instead it comes with a malicious attachment. I love the fact that this is a Legal Business Proposal as opposed to an Illegal one.
Date:      Thu, 23 Jan 2014 12:45:11 +0000 [07:45:11 EST]
From:      Webster Bank [WebsterWeb-LinkNotifications@WebsterBank.com]
Subject:      Legal Business Proposal

Hello, I'm Norman Chan Tak-Lam, S.B.S., J.P, Chief Executive, Hong Kong Monetary Authority (HKMA).

I have a Business worth $47.1M USD for you to handle with me.

Detailed scheme of business can be seen in the attached file.

Attached is a file business-info.zip which in turn contains a malicious executable business-info.exe with a VirusTotal detection rate of 16/49.

Automated analysis tools [1] [2] [3] show attempted connections to dallasautoinsurance1.com on and wiwab.com on Both those IPs are Cogent Communications ones that appear to be rented out to a small web hosting firm called HostTheName.com. For information only, that host has these other IPs in the same range:
