Sponsored by..

Tuesday 10 June 2014

"You have received a voice mail" spam downloads malware from Dropbox

Another fake voice message spam, and another malware attack downloading from Dropbox.

From:     Microsoft Outlook [no-reply@victimdomain]
Date:     10 June 2014 15:05
Subject:     You have received a voice mail

You received a voice mail : VOICE437-349-3989.wav (29 KB)
Caller-Id: 437-349-3989
Message-Id: U7C7CI
Email-Id: [redacted]

Download and extract the attachment to listen the message.

We have uploaded fax report on dropbox, please use the following link to download your file:

https://www.dropbox.com/meta_dl/eyJzdWJfcGF0aCI6ICIiLCAidGVzdF9saW5rIjogZmFsc2UsICJzZXJ2ZXIiOiAiZGwuZHJvcGJveHVzZXJjb250ZW50LmNvbSIsICJpdGVtX2lkIjogbnVsbCwgImlzX2RpciI6IGZhbHNlLCAidGtleSI6ICIxeWEwMGx3enQ1aWdpOXEifQ/AANABss7_JqczoocZG5p_SjA659fq_BNbEs6hyC4CqDuBA?dl=1
Sent by Microsoft Exchange Server
The link downloads a file VOICE-864169741-28641.zip which in turn contains a malicious executable VOICE-864169741-28641.scr which has a VirusTotal detection rate of 4/52. Automated analysis [1] [2] [3] [4] indicates that it downloads files from the following domains:

newsbrontima.com
yaroshwelcome.com
granatebit.com
teromasla.com
rearbeab.com


1 comment:

PC.Tech said...

Dropbox phishing: Cryptowall, Bitcoins, and You
- http://phishme.com/inside-look-dropbox-phishing-cryptowall-bitcoins/#update
Updated June 10 - "... the attackers have changed their tactics... the email is disguised as a voicemail notification..."
- http://phishme.com/beware-phishing-emails-using-dropbox-links/
June 2, 2014
.