
Friday, 8 August 2014

"FW: Resume" spam has a malicious attachment

This terse spam is malicious:

Date:      Fri, 8 Aug 2014 05:57:02 +0700 [08/07/14 18:57:02 EDT]
From:      Janette Sheehan [Janette.Sheehan@linkedin.com]
Subject:      FW: Resume

Attached is my resume, let me know if its ok.

Thanks,
Janette Sheehan 

Attached is an archive Resume.zip which in turn contains a malicious executable Resume.scr. This has a VirusTotal detection rate of 24/54. The CAMAS report shows that the malware attempts to phone home to the following locations:

94.23.247.202/0708stat/SANDBOXA/0/51-SP2/0/
94.23.247.202/0708stat/SANDBOXA/1/0/0/
hngdecor.com/wp-content/uploads/2013/10/cw2800.zip
welfareofmankind.com/underconst/css/cw2800.zip

Recommended blocklist:
94.23.247.202
hngdecor.com
welfareofmankind.com
