Thursday, 1 May 2014

"BiP Solutions Company" fake invoice spam

This fake invoice spam message leads to a malicious download:

Date:      Thu, 01-May-2014 15:12:56 GMT [11:12:56 EDT]
From:      Eduard Fulton [bfischernn@netmedia1.com]
Subject:      Notification of your invoice

Dear Customer
Our company has obtained your order and it'll be processing for 2 days.
The the bill of parcels and delivery details are below:
http://www.anat-barnir.co.il/04-05-2014/clients/clients.045-264.zip
Sincerely yours,
BiP Solutions Company
Eduard Fulton
BiP Solutions is a real company, but this spam did not come from them. The link in the email goes to a legitimate (but hacked) site in Israel and downloads a file clients.045-264.zip, which unzips to a malicious executable clients.045-264.PDF______________________________________________________.exe (there are a lot of underscores in there, yes). This has a VirusTotal detection rate of 15/52; however, automated analysis tools [1] [2] are inconclusive as to what it actually does.
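As an added example (not part of the original post), this Python check flags ZIP members that use the naming trick seen here: a document-style extension, a run of padding, then an executable extension. The extension lists, the padding characters and the sample archive (placeholder contents, constructed underscore count) are assumptions made for illustration.

```python
import io
import zipfile

# Assumed policy lists for this example; extend them to match local mail-gateway rules.
EXECUTABLE_EXTS = {"exe", "scr", "com", "pif", "bat", "cmd", "js", "vbs"}
DECOY_EXTS = {"pdf", "doc", "docx", "xls", "xlsx", "jpg", "txt", "rtf"}
PADDING_CHARS = "_ -\u00a0"  # filler that pushes the real extension out of view

def inspect_name(name):
    """Return a finding if a decoy extension hides an executable one, else None."""
    base = name.replace("\\", "/").rsplit("/", 1)[-1]
    stem, dot, real_ext = base.rpartition(".")
    if not dot or real_ext.lower() not in EXECUTABLE_EXTS:
        return None
    trimmed = stem.rstrip(PADDING_CHARS)
    padding = len(stem) - len(trimmed)
    _, dot2, decoy_ext = trimmed.rpartition(".")
    if not dot2 or decoy_ext.lower() not in DECOY_EXTS:
        return None
    return {"name": base, "decoy": decoy_ext.lower(),
            "real": real_ext.lower(), "padding": padding}

def scan_zip(data):
    """Inspect member names only; nothing is extracted or executed."""
    findings = []
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        for info in zf.infolist():
            if not info.is_dir():
                hit = inspect_name(info.filename)
                if hit:
                    findings.append(hit)
    return findings

def build_sample():
    """Constructed archive: placeholder bytes, 54 underscores chosen arbitrarily."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("clients.045-264.PDF" + "_" * 54 + ".exe", b"placeholder")
        zf.writestr("readme.txt", b"benign text")
        zf.writestr("setup.exe", b"placeholder")  # plain .exe, no decoy extension
    return buf.getvalue()

if __name__ == "__main__":
    for finding in scan_zip(build_sample()):
        print(finding)
```

A plain `setup.exe` is deliberately not flagged by this check; blocking executables in archives outright is a separate policy decision.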