Sponsored by..

Monday 12 December 2016

Malware spam: "New(910)" leads to Locky

This spam leads to Locky ransomware:

From:    Savannah [Savannah807@victimdomain.tld]
Reply-To:    Savannah [Savannah807@victimdomain.tld]
Date:    12 December 2016 at 09:50
Subject:    New(910)

Scanned by CamScanner


Sent from Yahoo Mail on Android

The spam appears to come from a sender within the victim's own domain, but this is just a simple forgery. The attachment name is a .DOCM file matching the name in the subject. Automated analysis [1] [2] indicates that it works in a similar way to this other Locky ransomware run today.

No comments: