From: manchesterarndale@apple.com
Date: 7 December 2015 at 09:43
Subject: Your receipt from Apple Store, Manchester Arndale
Thank you for shopping at the Apple Store.
To tell us about your experience, click here.

Attached is a file emailreceipt_20150130R2155644709.xls which in the sample I analysed has a VirusTotal detection rate of 6/53.
According to this Malwr report, the attachment downloads a malicious binary from:
steveyuhas.com/~steveyuhas/87tr65/43wedf.exe
This has a VirusTotal detection rate of precisely zero. Those reports indicate network traffic to:
23.113.113.105 (AT&T Internet Services, US)
This is the same IP as seen in this earlier spam run, and I strongly recommend that you block it. The payload is likely to be the Dridex banking trojan.
4 comments:
I just received it. Deleted it immediately.
I received this malware today and immediately deleted it.
Not impressed with so-called security on my computer that allows this to happen!!
I opened the attachment before questioning the validity of the email on my iPad. Am I now at risk or will Apple software protect me?
@Lesley - the version I wrote about impacted Windows PCs only, your iPad should be OK.