From: no-reply@ukmail.com
Date: 22 January 2016 at 12:14
Subject: UKMail 988271023 tracking information
UKMail Info!
Your parcel has not been delivered to your address January 21, 2016, because nobody was at home.
Please view the information about your parcel, print it and go to the post office to receive your package.
Warranties
UKMail expressly disclaims all conditions, guarantees and warranties, express or implied, in respect of the Service.
Where the law prevents such exclusion and implies conditions and warranties into this contract,
where legally permissible the liability of UKMail for breach of such condition,
guarantee or warranty is limited at the option of UKMail to either supplying the Service again or paying the cost of having the service supplied again.
If you don't receive a package within 30 working days UKMail will charge you for it's keeping.
You can find any information about the procedure and conditions of parcel keeping in the nearest post office.
Best regards,
UKMail
The attachment is named 988271023-PRCL.xls which appears to come in at least two variants (VirusTotal [1] [2]) which according to these Malwr reports [3] [4] downloads a malicious executable from:
www.stijnminne.be/ghf56sgu/0976gg.exe
raeva.com.ua/ghf56sgu/0976gg.exe
This binary has a detection rate of 4/54. It is the same payload as found in this earlier spam run.
1 comment:
I'm an idiot. I just received this email, and opened it. The attached excel file said it could not open in my current version of windows. Did this protect me? Or am I at risk? I see elsewhere that neither AVG nor Malware Bytes detects this item, which are the 2 anti-malware programs I use. I'm looking for advice on how, if at all, I should proceed.
Post a Comment