Sponsored by..

Monday 17 March 2014

Salesforce.com "Please respond - overdue payment" spam

This fake Salesforce spam comes with a malicious attachment. Well, actually two malicious attachments..

Date:      Mon, 17 Mar 2014 16:12:20 +0100 [11:12:20 EDT]
From:      "support@salesforce.com" [support@salesforce.com]
Subject:      Please respond - overdue payment
Priority:      High Priority 2

Please find attached your invoices for the past months. Remit the payment by 01/9/2013 as outlines under our "Payment Terms" agreement.

Thank you for your business,

Sincerely,
Alvaro Rocha

This e-mail has been sent from an automated system.  PLEASE DO NOT REPLY.

The information contained in this message may be privileged, confidential and protected from disclosure. If the reader of this message is not the intended recipient, or an employee or agent responsible for delivering this message to the intended recipient, you are hereby notified that any dissemination, distribution or copying of this communication is strictly prohibited. If you have received this communication in error, please notify your representative immediately and delete this message from your computer. Thank you. 
Attached are two archive files quickbook_invoice_89853654.rar and quickbook_invoice_8988561346654.zip which in turn contain the same malicious executable quickbook_invoice.scr which has a VirusTotal detection rate of 8/49. Automated analysis tools [1] [2] [3] don't give much of a clue as to what is going on here, although you can assume that it is nothing good..

No comments: