Monday 19 May 2014


This spam has a malicious attachment:

Date: Sun, 18 May 2014 20:54:20 -0700 [05/18/14 23:54:20 EDT]
Subject: Re TT PAYMENT COPY

please confirm the attachment payment Copy and get back to me?

Attached is an archive file TT PAYMENT COPY.zip, which in turn contains another archive file TT PAYMENT COPY.rar (so the victim needs a program that can uncompress RAR files). Unpacking that produces a malicious executable, PaySlip.exe, which has a VirusTotal detection rate of 27/53. Automated analysis tools (such as this one) don't reveal what is happening, but you can guarantee it is nothing good.
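A mail-gateway style check for the archive-inside-an-archive layering described above, as an added example that is not part of the original post. The function names, the extension list and the size limit are assumptions, and the sample attachment is constructed from magic bytes only.

```python
import io
import zipfile

MAGIC = {b"Rar!\x1a\x07": "rar", b"PK\x03\x04": "zip",
         b"7z\xbc\xaf\x27\x1c": "7z", b"MZ": "executable"}
RISKY_EXT = (".exe", ".scr", ".pif", ".com")  # assumed policy list
MAX_NESTED = 10 * 1024 * 1024  # do not unpack inner ZIPs larger than this

def sniff(head):
    """Map leading bytes to a type name, or None if unrecognised."""
    return next((k for m, k in MAGIC.items() if head.startswith(m)), None)

def inspect_zip(blob, depth=0, max_depth=3):
    """Return (depth, member name, finding) for each suspicious member."""
    findings = []
    with zipfile.ZipFile(io.BytesIO(blob)) as zf:
        for info in zf.infolist():
            if info.is_dir():
                continue
            if info.flag_bits & 0x1:  # encrypted: content cannot be checked
                findings.append((depth, info.filename, "encrypted member"))
                continue
            with zf.open(info) as fh:
                head = fh.read(8)  # only the header bytes are needed
            kind = sniff(head)
            if kind == "executable" or info.filename.lower().endswith(RISKY_EXT):
                findings.append((depth, info.filename, "executable"))
            elif kind in ("rar", "7z"):
                # stdlib cannot open these; a nested archive is itself the signal
                findings.append((depth, info.filename, "nested %s archive" % kind))
            elif kind == "zip":
                findings.append((depth, info.filename, "nested zip archive"))
                if depth < max_depth and info.file_size <= MAX_NESTED:
                    findings += inspect_zip(zf.read(info), depth + 1, max_depth)
    return findings

def build_sample(inner_name, inner_bytes):
    """Constructed test input: a ZIP holding one member with the given bytes."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr(inner_name, inner_bytes)
    return buf.getvalue()

if __name__ == "__main__":
    # Constructed stand-in for the attachment: RAR magic bytes only, not a real RAR.
    sample = build_sample("TT PAYMENT COPY.rar", b"Rar!\x1a\x07\x00" + b"\x00" * 32)
    for finding in inspect_zip(sample):
        print(finding)
```

Typing is decided from the leading bytes rather than the file name, so a renamed inner archive is still flagged. Looking inside the RAR layer itself needs a third-party unpacker, which this sketch does not include.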

