Thursday, 4 February 2016
Malware spam: "More scans" / admin@victimdomain.tld / DOC201114-201114-001.js
This terse spam appears to originate from within the victim's own organisation, but it does not. Instead it is a simple forgery with a malicious attachment:

From: admin [admin@victimdomain.tld]
Date: 4 February 2016 at 08:17
Subject: More scans

Attached is a file DOC201114-201114-001.js which comes in a variety of different variants. The payload appears to be the Dridex banking trojan, as seen in this earlier spam run.
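
A mail gateway can catch this pattern with two checks: a From address in the organisation's own domain that did not pass authentication, and an attachment with a script extension. The sketch below is an added example, not code from the original post. It assumes the gateway records a DMARC verdict in a trusted Authentication-Results header and that genuine internal mail passes it. The function names, the extension list and the sample message are constructed for illustration.

```python
from email import message_from_bytes, policy
from email.message import EmailMessage
from email.utils import parseaddr
from pathlib import PurePosixPath

# Illustrative (not exhaustive) list of extensions Windows runs via a script host.
SCRIPT_EXTS = {".js", ".jse", ".vbs", ".vbe", ".wsf", ".hta"}

def domain_of(header):
    """Lower-cased domain of the address in a From/To header value."""
    return parseaddr(str(header or ""))[1].rpartition("@")[2].lower()

def assess(raw, own_domains):
    """Return the reasons (possibly none) to quarantine a raw RFC 5322 message."""
    msg = message_from_bytes(raw, policy=policy.default)
    reasons = []
    # Assumption: the gateway strips inbound Authentication-Results headers
    # and adds its own, so the verdict read here can be trusted.
    auth = str(msg.get("Authentication-Results", "")).lower()
    if domain_of(msg["From"]) in own_domains and "dmarc=pass" not in auth:
        reasons.append("internal From domain without DMARC pass")
    for part in msg.iter_attachments():
        name = part.get_filename() or ""
        if PurePosixPath(name.lower()).suffix in SCRIPT_EXTS:
            reasons.append(f"script attachment: {name}")
    return reasons

def build_sample(auth_result, filename):
    """Constructed test message modelled on the headers quoted in the post."""
    m = EmailMessage()
    m["From"] = "admin <admin@victimdomain.tld>"
    m["To"] = "user@victimdomain.tld"
    m["Subject"] = "More scans"
    m["Authentication-Results"] = auth_result
    m.set_content("")
    m.add_attachment(b"// placeholder content, not malware",
                     maintype="application", subtype="octet-stream",
                     filename=filename)
    return m.as_bytes()

if __name__ == "__main__":
    spam = build_sample("mx.victimdomain.tld; dmarc=fail",
                        "DOC201114-201114-001.js")
    for reason in assess(spam, {"victimdomain.tld"}):
        print(reason)
```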
3 comments:
I've had the same email myself. I was wondering whether I should contact my hosting company about it?
These guys got me :( How do I get rid of this?
Got it yesterday and was concerned for my site (assumed origination) but found no evidence of hacking. Then found this page. Never downloaded or opened the file on my system. It looked like a javascript file. I did open that in another browser window. But I think I was on the Linux side of my system at that time. Searched both sides of system with no results. I guess I am safe.