Tuesday, 19 January 2016

Malware spam: "More scans" / admin / DOC201114-201114-001.DOC

This fake scanned document appears to come from admin@ the victim's own domain. There is no body text in the email.

From:    admin [admin@victimdomain.tld]
Date:    19 January 2016 at 09:42
Subject:    More scans
I have seen just a single sample with a document named DOC201114-201114-001.DOC which has a detection rate of 4/53 and which according to this Malwr report downloads from:


www.cnbhgy.com/786585d/08g7g6r56r.exe


This download location was used in this earlier spam run but the payload has now changed, however it is still the Dridex banking trojan.
at

4 comments:

  1. Unknown20 January 2016 at 08:53

    Could you find out the reason for sending the e-mail? I received yesterday in my domain the same mail.

    ReplyDelete
  2. Unknown4 February 2016 at 09:44

    Thanks for this. Received same email this morning and presumed my website had been hacked.

    ReplyDelete
  3. pristine17 March 2016 at 13:01

    I have been receiving numerous emails like this, accidentally opened one of the attachments on my iOS mobile.
    any ideas on what to do next?

    ReplyDelete
  4. Conrad Longmore18 March 2016 at 09:52

    @pristine - this impacts Windows-based PCs only, your iPhone thingie should be OK>

    ReplyDelete