|
"Thank you for ordering from Cellphone Inc" is what the email says ... what it doesn't say is "have a nice day cleaning your infected PC". Reader Scott had just taken his mobile phone to a store for repair, but being the savvy security specialist, he was still suspicious when he got the following email shortly thereafter Thank you for ordering from Cell Phone Inc. This message is to inform you that your order has been received Your order reference is Cell Phone Inc. You will need this in all correspondence. You have chosen to pay by credit card. Your card will be charged for the amount Cell Phone Inc.
The PDF's guts are obfuscated JavaScript, as usual, and currently showing up with a lousy 2/43 on the Virustotal radar. Keep your users from clicking ... and keep up with those pesky almost-feels-like-weekly Adobe updates!
|
Daniel 367 Posts ISC Handler |
| Reply Subscribe |
Mar 29th 2011 8 years ago |
|
So, perfect time from the spammers side.. Did Scott complain about his mobile phone on Social Media? Did he also publish his e-mail address there? Are spammers into datamining?!
 |
dotBATman 63 Posts |
| Reply Quote |
Mar 30th 2011 8 years ago |
|
What was the Subject line text? Also once infected, are there any known malicious IPs/domains that we can search logs for?
|
dotBATman 2 Posts |
| Reply Quote |
Mar 30th 2011 8 years ago |
|
Subject here looked like:
Your Order No 152476 - Cell Phone Inc. |
dotBATman 2 Posts |
| Reply Quote |
Mar 30th 2011 8 years ago |
|
@matsaki, the subject varies by sample, is usually "Your Order No #####, Cell Phone Inc." In the PDF that I analyzed, the subsequent EXE download came from kawabungashop-dot-ru
|
Daniel 367 Posts ISC Handler |
| Reply Quote |
Mar 30th 2011 8 years ago |
|
Sender info
katie at choicewastemanagement.com mail7.hostek.com 216.198.218.137 |
Daniel 2 Posts |
| Reply Quote |
Mar 30th 2011 8 years ago |
Sign Up for Free or Log In to start participating in the conversation!
