
Tuesday 20 May 2014

Fake Sage Invoice spam leads to malware

This fake Sage spam leads to malware:

Date:      Tue, 20 May 2014 09:20:53 +0100 [04:20:53 EDT]
From:      Sage [Wilbur.Contreras@sage-mail.com]
Subject:      FW: Invoice_6895366

Please see attached copy of the original invoice (Invoice_6895366). 

Attached is an archive file, Invoice6895366.zip, which in turn contains a malicious executable, Invoice200522014.scr, which has a VirusTotal detection rate of 8/52.

The Malwr analysis shows that it then goes on to download further components from [donotclick]protecca.com/fonts/2005UKdp.zip some of which are:
These appear to be part of a peer-to-peer Zbot infection.
