Dynamoo's Blog: Malware spam: "Credit Control [cc@pentafoods.com]"/ "Penta invoice I0026098"

Thursday, 5 March 2015

Malware spam: "Credit Control [cc@pentafoods.com]"/ "Penta invoice I0026098"

This spam email does not come from Penta Foods, instead it is a simple forgery with a malicious attachment.

From:    Credit Control [cc@pentafoods.com]
Date:    5 March 2015 at 11:10
Subject:    Penta invoice I0026098

Please find attached your invoice I0026098

Regards,

Finance Team

Attached is a document I0026098.doc which comes in at least two versions with low detection rates [1] [2] which contain some macros [1] [2] that attempt to download a component from the following locations:

http://maloja.se/js/bin.exe
http://campusnut.com/js/bin.exe

This is the same payload as used in this earlier spam run. It currently has a VirusTotal detection rate of 12/56.

3 comments:

Nancy13 March 2015 at 13:08
This comment has been removed by the author.
ReplyDelete
Replies
Nancy13 March 2015 at 13:08
This comment has been removed by the author.
ReplyDelete
Replies
Nancy13 March 2015 at 13:10
Blogger Nancy said...
I received one of these emails, and not thinking, opened the attachment, ugh! Can you tell me what they can see/get off my phone? Is there anything I can do to remove whatever may have been put on?
ReplyDelete
Replies

Add comment