From: admin [admin@victimdomain.tld]
Date: 4 February 2016 at 08:17
Subject: More scans

Attached is a file DOC201114-201114-001.js, which comes in several different variants. The payload appears to be the Dridex banking trojan, as seen in this earlier spam run.
I've had the same email myself. I was wondering whether I should contact my hosting company about it?
These guys got me :( How do I get rid of this?
Got it yesterday and was concerned for my site (assumed origination) but found no evidence of hacking. Then found this page. Never downloaded or opened the file on my system. It looked like a javascript file. I did open that in another browser window. But I think I was on the Linux side of my system at that time. Searched both sides of system with no results. I guess I am safe.