Wednesday, 29 January 2014
"Voice Message from Unknown" spam (again)

This fake voice message spam comes with a malicious attachment:

Date: Wed, 29 Jan 2014 14:45:36 +0100 [08:45:36 EST]
From: Administrator [docs0@victimdomain.net]
Subject: Voice Message from Unknown (644-999-4348)
Unity Messaging System
- - -Original Message- - -
From: 644-999-4348
Sent: Wed, 29 Jan 2014 14:45:36 +0100
To: [redacted]
Subject: Important Message to All Employees

Attached is an archive Message.zip which in turn contains a malicious executable VoiceMessage.exe which has a VirusTotal detection rate of just 6/50. Automated analysis tools [1] [2] [3] show attempted connections to kitchenrescue.com on 184.107.74.34 (iWeb, Canada) and ask-migration.com on 173.192.21.195 (Softlayer, US). In particular, it attempts to download some sort of encrypted file [donotclick]kitchenrescue.com/login.kitchenrescue.com/images/items/wav.enc which I have not been able to identify.
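
A mail-gateway style check for the EXE-in-ZIP pattern this post describes (Message.zip carrying VoiceMessage.exe), given here as an added example that is not part of the original post. The function names, the extension list and the member limit are assumptions, and the sample archive is constructed from harmless stub bytes.

```python
import io
import zipfile

# Extensions Windows will run directly (illustrative list, not exhaustive).
EXEC_EXTS = {".exe", ".scr", ".com", ".pif", ".cpl", ".bat", ".cmd", ".js", ".vbs"}
MAX_MEMBERS = 100   # assumed policy limit so a huge archive cannot stall the scan


def scan_zip_attachment(data: bytes) -> list[tuple[str, str]]:
    """Return (member name, reason) for every member that looks executable."""
    try:
        zf = zipfile.ZipFile(io.BytesIO(data))
    except zipfile.BadZipFile:
        return [("<archive>", "not a valid zip")]
    findings = []
    with zf:
        for info in zf.infolist()[:MAX_MEMBERS]:
            if info.is_dir():
                continue
            name = info.filename
            # Only the last extension counts, so "x.wav.scr" is treated as .scr.
            ext = "." + name.rsplit(".", 1)[-1].lower() if "." in name else ""
            if info.flag_bits & 0x1:
                # Encrypted members cannot be inspected; report them instead of skipping.
                findings.append((name, "encrypted member"))
                continue
            with zf.open(info) as fh:
                magic = fh.read(2)
            if magic == b"MZ":
                # DOS/PE header: flagged whatever the file is called.
                findings.append((name, "PE/MZ header"))
            elif ext in EXEC_EXTS:
                findings.append((name, "executable extension " + ext))
    return findings


def build_sample() -> bytes:
    """Constructed sample: stub bytes only, named after the file in the post."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        zf.writestr("VoiceMessage.exe", b"MZ" + b"\x00" * 62)  # header bytes, not a program
        zf.writestr("VoiceMessage.wav.scr", b"not really audio")
        zf.writestr("readme.txt", b"hello")
    return buf.getvalue()


if __name__ == "__main__":
    for member, reason in scan_zip_attachment(build_sample()):
        print(member, "->", reason)
```

Checking the header bytes as well as the name catches an executable that has been renamed, which an extension-only filter misses.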
Labels: EXE-in-ZIP, Malware, Spam, Viruses
1 comment:
So this is weird - I just got an email that was clearly something weird, and I wanted to know its deal, so I googled. Here's the thing: it looks like this, but it has an actual wav file attached. Just to be on the safe side (someone could've found an exploit in wav playback or something), I converted it to an mp3 before listening to it - it seems to be an actual message left for someone? Certainly not one for me, but it was a legitimate sound file. My only thought is that the return number itself does something scammy, and they're hoping you'll call them back to tell them they got the wrong number?