FYI...
Fake ACH SPAM / ACAS1104201336289204PARA7747.zip
- http://blog.dynamoo.com/2013/11/ach-...nd-of-day.html
5 Nov 2013 - "This fake ACH (or is it Paychex?) email has a malicious attachment:
Date: Tue, 5 Nov 2013 08:28:30 -0500 [08:28:30 EST]
From: "Paychex, Inc" [paychexemail@ paychex .com]
Subject: ACH Notification : ACH Process End of Day Report
Attached is a summary of Origination activity for 11/04/2013 If you need assistance
please contact us via e-mail at paychexemail@ paychex .com during regular business hours.
Thank you for your cooperation.
Attached is a file ACAS1104201336289204PARA7747.zip which in turn contains an executable ACAS11042013.exe which has a VirusTotal detection rate of 7/46*. Automated analysis... shows an attempted connection to slowdating .ca on 69.64.39.215 (Hosting Solutions International, US). There are several legitimate sites on this server, however it is possible that the server itself is compromised. The malware drops several files..."
* https://www.virustotal.com/en-gb/fil...is/1383665169/
- https://www.virustotal.com/en/ip-add...5/information/
___
Fake USPS SPAM / Label_442493822628.zip
- http://blog.dynamoo.com/2013/11/usps...822628zip.html
5 Nov 2013 - "This -fake- USPS spam has a malicious attachment:
Date: Tue, 5 Nov 2013 14:24:45 +0000 [09:24:45 EST]
From: USPS Express Services [service-notification@ usps .gov]
Subject: USPS - Missed package delivery
The courier company was not able to deliver your parcel by your address.
Cause: Error in shipping address.
Label: 442493822628
Print this label to get this package at our post office.
Please attention!
For mode details and shipping label please see the attached file.
Please do not reply to this e-mail, it is an unmonitored mailbox!
Thank you,
USPS Logistics Services...
The attachment is Label_442493822628.zip which in turn contains a malicious executable Label_11052013.exe which has a VirusTotal detection rate of 6/46*. Automated analysis... shows an attempted connection to sellmakers .com on 192.64.115.140 (Namecheap, US). Note that there may be legitimate sites on that IP address, however it is possible that the whole server has been compromised."
* https://www.virustotal.com/en-gb/fil...is/1383666106/
- https://www.virustotal.com/en-gb/ip-...0/information/
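___
Both reports above describe the same delivery pattern: a ZIP attachment whose only payload is a Windows executable. The following is an added example, not part of the original post or the quoted blog entries, of a mail-gateway style check that flags such archives by member extension and by the "MZ" header; the sample archives are constructed from harmless bytes, and the renamed `.pdf` member is a hypothetical variant used to show why the header check matters.

```python
import io
import zipfile

# Extensions treated as directly executable on Windows (assumed policy list).
EXEC_EXTS = (".exe", ".scr", ".com", ".pif")

def executable_members(zip_bytes):
    """Return names of archive members that look like Windows executables.

    A member is flagged if its name ends in an executable extension or if
    its content starts with the DOS/PE magic "MZ" (catches renamed files).
    """
    flagged = []
    try:
        archive = zipfile.ZipFile(io.BytesIO(zip_bytes))
    except zipfile.BadZipFile:
        return flagged  # not a readable ZIP; leave it to other filters
    with archive:
        for info in archive.infolist():
            if info.is_dir():
                continue
            by_name = info.filename.lower().endswith(EXEC_EXTS)
            encrypted = bool(info.flag_bits & 0x1)
            by_magic = False
            if not encrypted:  # encrypted members can only be judged by name
                with archive.open(info) as member:
                    by_magic = member.read(2) == b"MZ"
            if by_name or by_magic:
                flagged.append(info.filename)
    return flagged

def build_sample(members):
    """Build a constructed in-memory ZIP from {name: bytes} for the demo."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as z:
        for name, data in members.items():
            z.writestr(name, data)
    return buf.getvalue()

# Constructed samples: harmless filler bytes, not the real attachments.
SAMPLE_ACH = build_sample({"ACAS11042013.exe": b"MZ" + b"\x00" * 62})
# Hypothetical renamed member: the extension looks benign, the header does not.
SAMPLE_RENAMED = build_sample({"Label_11052013.pdf": b"MZ" + b"\x00" * 62})
SAMPLE_BENIGN = build_sample({"report.txt": b"Origination summary"})

if __name__ == "__main__":
    for label, blob in (("ach", SAMPLE_ACH), ("renamed", SAMPLE_RENAMED),
                        ("benign", SAMPLE_BENIGN)):
        print(label, executable_members(blob))
```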