Sponsored by..

Friday 17 October 2014

"Final notification" malware spam uses a Google redirector and copy.com

This malware spam uses a Google redirector to retrieve malware hosted on copy.com:

From:     compplus@click.com.py
Date:     17 October 2014 17:04
Subject:     Final notification for support@victimdomain.com
Purchase Notice
Thank you for buying at our store!
Processed on October 17th 2014

We are happy to let you know that the package is on its way to you. We also attached delivery terms to residential address.

Payment #: 507040420
Order total: 2088.11 USD
Shipping date: October 18 2014.

Please hit the link given at the bottom to get more details about your order.

 Order details 

The link in this particular email is https://www.google.com/url?q=https%3A%2F%2Fcopy.com%2FU3k7IRbLXyIv%2FShippingLable_HSDAPDF.scr%3Fdownload%3D1&sa=D&sntz=1&usg=AFQjCNF6TQQctHxLItp_Nmdrx94MJkhmAA which downloads a malicious executable ShippingLable_HSDAPDF.scr and this has a VirusTotal detection rate of 3/54.

The automated analysis tools that have given results used so far [1] [2] [3] are inconclusive.

No comments: