Date: Fri, 7 Feb 2014 15:44:19 +0530 [05:14:19 EST]Attached is a file AccountReport.zip which in turn contains a malicious executable AccountReport.scr which has a VirusTotal detection rate of 4/50.
From: Doris Clay [Doris@rbs.co.uk]
Subject: Important Docs
Account report.
Tel: 01322 589422
Fax: 01322 296116
email: Doris@rbs.co.uk
This information is classified as Confidential unless otherwise stated.
CONFIDENTIAL NOTICE: The contents of this message, including any attachments, are
confidential and are intended solely for the use of the person or entity to whom the
message was addressed. If you are not the intended recipient of this message, please be
advised that any dissemination, distribution, or use of the contents of this message is
strictly prohibited. If you received this message in error, please notify the sender.
Please also permanently delete all copies of the original message and any attached
documentation. Thank you.
Automated analysis tools [1] [2] show a downlad of en encrypted file from the following locations:
[donotclick]professionalonlineediting.com/theme/cc/images/07UKex.enc
[donotclick]mararu.ro/Media/07UKex.enc
Both those sites are hosted by Mochanin Corp in the US, indicating perhaps a wider problem with that host.
Recommended blocklist:
204.93.165.33
50.31.147.54
professionalonlineediting.com
mararu.ro
No comments:
Post a Comment