Sponsored by..

Wednesday 5 March 2014

mms.Orange.co.uk "IMAGE Id 889195266-PicFFY2C TYPE=MMS" spam

A horribly managed spam turned up in my inbox, claiming to be an MMS message from Orange UK. Well, at least that's what it looked like when I got the HTML to render properly enough to make it readable..

Date:      Wed, 5 Mar 2014 09:14:13 +0000 [04:14:13 EST]
From:      mms.service3694@mms.Orange.co.uk
Subject:      IMAGE Id 889195266-PicFFY2C TYPE=MMS

Description: Orange

Received from: 447457714595 | TYPE=MMS
There's meant to be an embedded image, but it is completely corrupt. Not that it makes much difference..


Attached is a file called bulger,jpg which is actually a ZIP file, so you have to rename it from .jpg to .zip in order to infect yourself. Some assembly is required in this case..

Anyway, once you have done all that and unzipped it, you get a malicious file IMG0000002993.exe  which has  a VirusTotal detection rate of 17/50. The Malwr report shows that the malware attempts to connect with a bunch of IPs that mostly look like dynamic ADSL subscribers. This sort of behaviour looks like P2P/Gameover Zeus or something similar.



2 comments:

PC.Tech said...
This comment has been removed by the author.
PC.Tech said...

Same subject, different rendering:
- http://threattrack.tumblr.com/post/78565844188/orange-mms-message-spam
Mar 4, 2014
.