
7 Comments on "disturbing important matter malspam delivers unknown malware"

Nigel
Guest

I’ve just received the same, slightly different wording…

Hello, !

I am bothering you for a very serious matter. Allhough we are not familiar, but I have a lot of personal info about you. The matter is that, most likely mistakenly, the info of your account has been emailed to me.
For example, your address is:

I am a lawful citizen, so I decided to alert may have been hacked. I pinned the file – .dot that that was emailed to me, that you could examine what information has become available for attackers. Document password is – 2277

Sincerely,
Laveta Tchakian

Nyebodnye
Guest

I had someone phone me, and tell me that they had opened their personal email from a web based site (cr@p! there goes our filtering), opened the Word doc, typed in the password and opened it.
I feared the worst! I got a remote desktop to his computer and checked processes – nothing strange. Checked the usual registry autoruns – nothing. Checked his Word macro settings – allow. Turned them off. Checked his entire hard drive for all exe files that were created today – nothing. Also checked for read.gif and logo.gif – not found. Checked all .gif files from today and all were about 700 bytes so I think he got away unscathed.
Thank you ZTreeWin for making my life so much easier (other file managers are available)

PC Tech
Guest

galaxytown .net: 67.225.216.115: https://www.virustotal.com/en/ip-address/67.225.216.115/information/
> https://www.virustotal.com/en/url/7b69c320d888727c1119eec3b438e95ae0b0d366e340cd445f706d2ccf198912/analysis/

effeelle .eu: 62.149.128.157

//

toby
Guest

I received this e-mail today, and curiosity got the better of me. I installed a virtual machine on a laptop and opened the .dot file. I now have a dead laptop, it went black almost immediately, and now has no sign of life, no charging lights, no response at all.

Interesting to see this article as it’s the first to describe the payload, but it doesn’t sound like it should have been so destructive? Is it really just a coincidence that my laptop went pop at the moment of opening it?

Nyebodnye
Guest

I have opened this in VirtualXP and it didn’t kill anything. It’s supposed to download a banking trojan so I suspect coincidence. Any way to test the battery?

Dave
Guest

I got the same thing. I copied the doc to a USB drive and booted up my stone age computer. Opened the doc and it was 318 pages of garbage characters. I did not need any code to open it, although there was one. I then reported it to / and deleted it.
