Thursday, 11 December 2014

Employee Documents - Internal Use malware

From: "" Subject: Employee Documents - Internal Use
Message-ID: <02445414490536603757052027200341"">

DOCUMENT NOTIFICATION, Powered by NetDocuments

DOCUMENT NAME: Employee Documents

DOCUMENT LINK: http://matoa-indonesia DOT com/do/document.php

Documents are encrypted in transit and store in a secure repository

This message may contain information that is privileged and confidential.
If you received this transmission in error, please notify the sender by reply email
and delete the message and any attachments.

The above is already blocked with Sanesecurity.Malware.24222.UNOFFICIAL

However, if you do click the link, it auto-download (via your browser)

The zip file contains document8721_pdf.exe and VirusTotal is currently reporting [3/56] hits

No comments: