Dynamoo's Blog: "To All Employee's - Important Address UPDATE" spam leads to Cryptowall

Thursday, 11 September 2014

"To All Employee's - Important Address UPDATE" spam leads to Cryptowall

This fake HR spam leads to a malicious ZIP file:

From:    Administrator [administrator@victimdomain.com]
Date:    11 September 2014 22:25
Subject:    To All Employee's - Important Address UPDATE

To All Employee's:The end of the year is approaching and we want to ensure every employee receives their W-5 to the correct address.Verify that the address is correct - https://local.victimdomain.com/details.aspx?id=6871049687 If changes need to be made, contact HR at https://hr.victimdomain.com/update.aspx?id=6871049687. Administrator,http://victimdomain.com

To All Employee's:
The end of the year is approaching and we want to ensure every employee receives their W-5 to the correct address.
Verify that the address is correct - https://local.victimdomain.com/details.aspx?id=6871049687
If changes need to be made, contact HR at https://hr.victimdomain.com/update.aspx?id=6871049687.

Administrator,
http://victimdomain.com

The link in the email goes to the same site as described in this earlier post, which means that the payload is Cryptowall.

Dynamoo's Blog

Link List

Sponsored by..

Thursday, 11 September 2014

"To All Employee's - Important Address UPDATE" spam leads to Cryptowall

No comments: