
Monday 9 November 2015

Malware spam: Random Name shared "Amendment or the Agreement_09-11-2015.zip" with you

This fake Dropbox spam appears to come from randomly-generated people.

From:    Sandy Schmitt via Dropbox [no-reply@dropbox.com]
Date:    9 November 2015 at 11:41
Subject:    Sandy Schmitt shared "Amendment or the Agreement_09-11-2015.zip" with you
   
Sandy used Dropbox to share a file with you!

Click here to view.

The link in the email actually goes to sharefile.com, where it downloads a file Amendment or the Agreement_09-11-2015.zip containing a malicious executable Amendment or the Agreement_09-11-2015.scr, which has a VirusTotal detection rate of 2/54.

Automated analysis is inconclusive [1] [2] but you can guarantee that this is nothing good. Because of the low detection rates, it might be worth temporarily blocking sharefile.com.

MD5s:
386426E5633B120C3A0E2F605AF42433
2E12D164F40C95284DE13D175DB9BDE2
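
One way to triage a ZIP attachment like the one described above, as an added example that is not part of the original post: it flags directly executable members such as .scr and compares the archive and member MD5s with the two listed here. The extension list, size cap and function names are assumptions of this example, and the sample archive is constructed with harmless placeholder bytes.

```python
import hashlib
import io
import zipfile

# MD5s listed in the post (it does not say which is the ZIP and which the .scr).
KNOWN_MD5 = {"386426e5633b120c3a0e2f605af42433", "2e12d164f40c95284de13d175db9bde2"}
# Extensions Windows runs directly; this list is an assumption of the example.
EXECUTABLE_EXT = (".scr", ".exe", ".com", ".pif", ".bat", ".cmd", ".js", ".vbs")
MAX_MEMBER_BYTES = 50 * 1024 * 1024  # assumed cap on declared size before unpacking


def md5_hex(data: bytes) -> str:
    return hashlib.md5(data).hexdigest()


def triage_zip(data: bytes, known=KNOWN_MD5):
    """Return (name, reason) findings for the raw bytes of a ZIP attachment."""
    findings = []
    if md5_hex(data) in known:
        findings.append(("<archive>", "archive MD5 matches known sample"))
    try:
        archive = zipfile.ZipFile(io.BytesIO(data))
    except zipfile.BadZipFile:
        return findings + [("<archive>", "not a readable ZIP")]
    with archive:
        for info in archive.infolist():
            if info.is_dir():
                continue
            # Windows ignores trailing dots and spaces, so strip them first.
            if info.filename.lower().rstrip(". ").endswith(EXECUTABLE_EXT):
                findings.append((info.filename, "executable file inside archive"))
            if info.flag_bits & 0x1 or info.file_size > MAX_MEMBER_BYTES:
                findings.append((info.filename, "member not hashed (encrypted or too large)"))
                continue
            if md5_hex(archive.read(info)) in known:
                findings.append((info.filename, "member MD5 matches known sample"))
    return findings


def build_sample(member="Amendment or the Agreement_09-11-2015.scr"):
    """Constructed test archive: the post's file name, harmless placeholder bytes."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as z:
        z.writestr(member, b"constructed harmless bytes")
    return buf.getvalue()


if __name__ == "__main__":
    for name, reason in triage_zip(build_sample()):
        print(f"{name}: {reason}")
```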

UPDATE:

My sources (thank you!) say that this is Upatre dropping the Dyre banking trojan, dropping a DLL with a 2/55 detection rate. The comments in that report also contain a list of IP addresses that you might want to block.

