From: Administrator [administrator@victimdomain.com]The link in the email goes to the same site as described in this earlier post, which means that the payload is Cryptowall.
Date: 11 September 2014 22:25
Subject: To All Employee's - Important Address UPDATE
To All Employee's:The end of the year is approaching and we want to ensure every employee receives their W-5 to the correct address.Verify that the address is correct - https://local.victimdomain.com/details.aspx?id=6871049687 If changes need to be made, contact HR at https://hr.victimdomain.com/update.aspx?id=6871049687. Administrator,http://victimdomain.com
To All Employee's:
The end of the year is approaching and we want to ensure every employee receives their W-5 to the correct address.
Verify that the address is correct - https://local.victimdomain.com/details.aspx?id=6871049687
If changes need to be made, contact HR at https://hr.victimdomain.com/update.aspx?id=6871049687.
Administrator,
http://victimdomain.com
Thursday 11 September 2014
"To All Employee's - Important Address UPDATE" spam leads to Cryptowall
This fake HR spam leads to a malicious ZIP file:
Labels:
Cryptowall,
Malware,
Spam,
Viruses
Subscribe to:
Post Comments (Atom)
No comments:
Post a Comment