|
"Thank you for ordering from Cellphone Inc" is what the email says ... what it doesn't say is "have a nice day cleaning your infected PC". Reader Scott had just taken his mobile phone to a store for repair, but being the savvy security specialist, he was still suspicious when he got the following email shortly thereafter Thank you for ordering from Cell Phone Inc. This message is to inform you that your order has been received Your order reference is Cell Phone Inc. You will need this in all correspondence. You have chosen to pay by credit card. Your card will be charged for the amount Cell Phone Inc.
The PDF's guts are obfuscated JavaScript, as usual, and currently showing up with a lousy 2/43 on the Virustotal radar. Keep your users from clicking ... and keep up with those pesky almost-feels-like-weekly Adobe updates!
|
Daniel 380 Posts ISC Handler Mar 29th 2011 |
| Thread locked Subscribe |
Mar 29th 2011 1 decade ago |
|
So, perfect time from the spammers side.. Did Scott complain about his mobile phone on Social Media? Did he also publish his e-mail address there? Are spammers into datamining?!
 |
dotBATman 65 Posts |
| Quote |
Mar 30th 2011 1 decade ago |
|
What was the Subject line text? Also once infected, are there any known malicious IPs/domains that we can search logs for?
|
dotBATman 2 Posts |
| Quote |
Mar 30th 2011 1 decade ago |
|
Subject here looked like:
Your Order No 152476 - Cell Phone Inc. |
dotBATman 2 Posts |
| Quote |
Mar 30th 2011 1 decade ago |
|
@matsaki, the subject varies by sample, is usually "Your Order No #####, Cell Phone Inc." In the PDF that I analyzed, the subsequent EXE download came from kawabungashop-dot-ru
|
Daniel 380 Posts ISC Handler |
| Quote |
Mar 30th 2011 1 decade ago |
|
Sender info
katie at choicewastemanagement.com mail7.hostek.com 216.198.218.137 |
Daniel 2 Posts |
| Quote |
Mar 30th 2011 1 decade ago |
Sign Up for Free or Log In to start participating in the conversation!
