Dynamoo's Blog: Malware spam: "Sales Invoice SIN040281. From Charbonnel et Walker Limited" / "Corinne Young [corinne.young@charbonnel.co.uk]"

Tuesday, 12 January 2016

Malware spam: "Sales Invoice SIN040281. From Charbonnel et Walker Limited" / "Corinne Young [corinne.young@charbonnel.co.uk]"

This fake financial email does not come from Charbonnel et Walker Limited but is instead a simple forgery with a malicious attachment.

From:    Corinne Young [corinne.young@charbonnel.co.uk]
Date:    12 January 2016 at 10:42
Subject:    Sales Invoice SIN040281. From Charbonnel et Walker Limited

Kind Regards

Corinne Young
Assistant Accountant

Charbonnel et Walker Ltd, Medway Road, Tunbridge Wells, TN1 2FD
Tel: +44 (0)1892 559019 Fax: +44 (0)1892 559015

An error in the way the spam is formatted gives an attachment that appears to be named "SIN040281.DOC (note the leading quote marks) which will save on a Windows system as _SIN040281.DOC. I have only seen one variant of this attachment with a detection rate of 6/55 and for which the Malwr report indicates that this is the Dridex banking trojan (botnet 220) as described here.

Dynamoo's Blog

Link List

Sponsored by..

Tuesday, 12 January 2016

Malware spam: "Sales Invoice SIN040281. From Charbonnel et Walker Limited" / "Corinne Young [corinne.young@charbonnel.co.uk]"

No comments: