Friday 22 January 2016

Malware spam: "Message from KONICA_MINOLTA" / MFD / scanner / SKM_4050151222162800.doc

At the moment there is a heavy spam run pushing the Dridex banking trojan, pretending to be from a multifunction device or scanner.
Subject:    Message from KONICA_MINOLTA
Subject:    Message from MFD
Subject:    Message from scanner
The spam appears to come from within the victim's own domain, from one of the following email addresses:
This is just a simple forgery. It doesn't mean that your organisation has been compromised; it really is a very simple trick. In all cases the attachment is named SKM_4050151222162800.doc, which appears to come in three versions (VirusTotal [1] [2] [3]). The Malwr reports [4] [5] [6] indicate executable download locations at:


This binary has a detection rate of 1/54 and that VirusTotal report plus this Malwr report show it phoning home to: (Digital Ocean Inc., US)

I strongly recommend that you block traffic to that IP. The payload is the Dridex banking trojan, sent by botnet 220.
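A mail-filter check for the traits described above (the three subject lines, the fixed attachment name, and a sender forged to match the recipient's own domain), as an added example that is not part of the original post. The `arrived_from_outside` flag is an assumption standing in for whatever your gateway records about the delivering relay, and the example.com messages are constructed samples.

```python
import email
from email import policy
from email.message import EmailMessage
from email.utils import parseaddr

# Indicators taken from the post: the three subject lines and the attachment name.
SUBJECTS = {"Message from KONICA_MINOLTA", "Message from MFD", "Message from scanner"}
ATTACHMENT = "SKM_4050151222162800.doc"

def domain_of(header_value):
    """Return the lower-cased domain of an address header, or '' if none."""
    addr = parseaddr(str(header_value or ""))[1]
    return addr.rpartition("@")[2].lower() if "@" in addr else ""

def score_message(raw, arrived_from_outside):
    """Return the list of campaign traits that a raw RFC 5322 message matches."""
    msg = email.message_from_string(raw, policy=policy.default)
    reasons = []
    if str(msg["Subject"] or "").strip() in SUBJECTS:
        reasons.append("subject")
    names = [(part.get_filename() or "").lower() for part in msg.walk()]
    if ATTACHMENT.lower() in names:
        reasons.append("attachment")
    sender, rcpt = domain_of(msg["From"]), domain_of(msg["To"])
    # Forged internal sender: From domain equals the recipient's domain, yet
    # the message was handed over by an external relay (assumed gateway flag).
    if sender and sender == rcpt and arrived_from_outside:
        reasons.append("forged-internal-sender")
    return reasons

def build_sample(subject, sender, rcpt, filename=None):
    """Build a constructed test message, optionally with a dummy attachment."""
    m = EmailMessage()
    m["Subject"], m["From"], m["To"] = subject, sender, rcpt
    m.set_content("constructed body")
    if filename:
        m.add_attachment(b"constructed bytes", maintype="application",
                         subtype="msword", filename=filename)
    return m.as_string()

if __name__ == "__main__":
    spam = build_sample("Message from MFD", "scanner@example.com",
                        "alice@example.com", ATTACHMENT)
    print(score_message(spam, arrived_from_outside=True))
```

A genuine scan from an internal device can match the subject alone, so treat the subject as a weak signal and the attachment name or the external-origin same-domain sender as the stronger ones.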


Padhraic said...

Great, thanks, received just this morning.

eny said...

Me too, from "scanner@hotmail".

Unknown said...

Yeah, me too, but to my Google account.
I downloaded the zip file, but when I saw the type of file was ".js", this was too weird for me; after that I blocked it quickly.