Date: Fri, 25 Jul 2014 17:32:38 +0800 [05:32:38 EDT]Attached to the message is an archive invoice copy.zip which contains a folder invoice copy in which there is a malicious file invoice copy.exe which has a VirusTotal detection rate of 9/51. The CAMAS report shows that the malware downloads components from the following locations:
From: "J.Parker" [rcaukomti@tiffany.co.uk]
Subject: invoice 0625859 July
Kindly open to see export License and payment invoice attached, meanwhile we sent the balance payment yesterday.
Please confirm if it has settled in your account or you can call if there is any problem.
Thanks
J.parker
Tiffany & Co.
brandsalted.com/333
daisyblue.ru/333
expositoresrollup.es/333
fbcashmethod.ru/333
madrasahhusainiyahkl.com/333
sexyfoxy.ts6.ru/333
siliconharbourng.com/333
www.huework.com/333
www.martijnvanhout.nl/333
www.ricebox.biz/333
www.zag.com.ua/333
Those sites are similar to the one found in the recent "Birmingham Mail" spam run. I recommend that you block the following domains on your network:
brandsalted.com
daisyblue.ru
expositoresrollup.es
fbcashmethod.ru
madrasahhusainiyahkl.com
sexyfoxy.ts6.ru
siliconharbourng.com
huework.com
martijnvanhout.nl
ricebox.biz
zag.com.ua
No comments:
Post a Comment