
Thursday 11 September 2014

"To All Employee's - Important Address UPDATE" spam leads to Cryptowall

This fake HR spam leads to a malicious ZIP file:
From: Administrator [administrator@victimdomain.com]
Date: 11 September 2014 22:25
Subject: To All Employee's - Important Address UPDATE

To All Employee's:
The end of the year is approaching and we want to ensure every employee receives their W-5 to the correct address.
Verify that the address is correct - https://local.victimdomain.com/details.aspx?id=6871049687
If changes need to be made, contact HR at https://hr.victimdomain.com/update.aspx?id=6871049687.

Administrator,
http://victimdomain.com

The link in the email goes to the same site as described in this earlier post, which means that the payload is Cryptowall.