Sponsored by..

Thursday, 17 March 2016

Malware spam: "PDFPart2.pdf" / "Sent from my Samsung Galaxy Note 4 - powered by Three"

This spam run has a malicious attachment. It appears to come from within the user's own domain.

From:    Administrator [admin@victimdomain.tld]
Date:    17 March 2016 at 12:54
Subject:    PDFPart2.pdf

Sent from my Samsung Galaxy Note 4 - powered by Three

Sent from my Samsung Galaxy Note 4 - powered by Three
All the attachments that I saw were corrupt, but it appears to be trying to download a script that installs Locky ransomware, as seen here.

2 comments:

Unknown said...

The messages I have seen delivered so far did not contain any type of attachment.

Kitten Herder said...

We too only saw ones without attachments. It appears that some of the bot networks that have been leveraged lately are within enterprises that leverage outbound scanning of email. We were hit with one last Thursday, 3/10, where the .ZIP attachments were either removed or had their payloads replaced with 0_Warning.htm files.