Sponsored by..

Friday 27 May 2016

Malware spam: "As per our discussion yesterday, please find attached the amended meeting minutes."

This spam leads to Locky ransomware:

From:    Meagan Branch
Date:    27 May 2016 at 12:35
Subject:    Information request


Dear [redacted],

As per our discussion yesterday, please find attached the amended meeting minutes.
I have accepted the majority of the changes requested, however there are some that I have left in the document.
I have included the edits as track changes.

Please confirm that the changes we have made are acceptable.

Many thanks


Regards,

Oramed Pharmaceuticals Inc.

Meagan Branch
Phone: +1 (620) 980-41-94
The senders vary from email to email. Attached is a ZIP file with a malicious script, which in the examples that I have found downloads one of a variety of malicious executables [1] [2] [3] [4] which call home to the same IP addresses found in this earlier spam run.

No comments: