Comments

Our shipping service is sending the order form due to the request from your company malspam delivers Locky — 3 Comments

  1. Surprising that they are reusing old code that antivirus knows about.

    Summary of contents

    Attachment: ec6b94a7ad.zip
    Attachment: B43AF42D_shipping_service.js
    B43AF42D_shipping_service.js forbidden file extension (.js) per inbound policy 0
    Kaspersky AV found virus Trojan-Downloader.JS.Cryptoload.aip.

    • I wouldn’t say it is old code. Kaspersky and several other AV are trying to develop a working “reliable” heuristic detection for encrypted JavaScript / WSF / HTA. So far they are about 50% accurate & reliable. If in a corporate setting, it is easy to block zips containing .JS, .WSF, .HTA, .exe, .Jar etc. and the server admin can release the extremely rare occasional ones.

  2. also getting lots of these in

    Message Header for 3F26052042588F5D

    Received: from [185.10.40.121] (unknown [185.10.40.121])
    for ; Thu, 1 Sep 2016 10:35:04 +0100 (BST)
    From:
    To:
    Subject: Please find attached invoice no: 1193949
    Date: Thu, 01 Sep 2016 11:35:09 +0200
    MIME-Version: 1.0
    Reply-To:
    X-Mailer: Print Manager v1.10.392.21287
    Accept-Language: en-US
    Content-Language: en-US
    Message-ID:
    Content-Type: multipart/mixed; boundary="Mark=_2016829204583150044A924ABA0"

    Summary of contents

    Attachment: d7A0f.zip
    Attachment: GKOQosE.wsf
    GKOQosE.wsf forbidden file extension (.wsf) per inbound policy 0

    Attached is a Print Manager form.
    Format = Portable Document Format File (PDF)
    ________________________________

    Disclaimer

    This email/fax transmission is confidential and intended solely for the person or organisation to whom it is addressed. If you are not the intended recipient, you must not copy, distribute or disseminate the information, or take any action in reliance of it. Any views expressed in this message are those of the individual sender, except where the sender specifically states them to be the views of any organisation or employer. If you have received this message in error, do not open any attachment but please notify the sender (above) deleting this message from your system. For email transmissions please rely on your own virus check no responsibility is taken by the sender for any damage rising out of any bug or virus infection.
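The gateway verdicts quoted in both comments ("forbidden file extension (.js) per inbound policy 0") and the reply's advice to block zips containing .JS/.WSF/.HTA/.exe/.Jar come down to one check: open the attached archive and look at the final extension of every member, including members of nested zips. Below is an added example of that check in Python; it is not code from the blog or from any product mentioned here, the extension list is the one the reply gives, the nesting limit is an assumed policy value, and the sample archives are constructed in memory with placeholder contents, reusing only the attachment names from the comments.

```python
import io
import posixpath
import zipfile

# Extensions the reply in comment 1 suggests blocking inside zips (compared case-insensitively).
BLOCKED_EXTENSIONS = {".js", ".wsf", ".hta", ".exe", ".jar"}
MAX_DEPTH = 3  # how many nested zips to descend into (assumed policy value)


def forbidden_members(data: bytes, depth: int = 0, prefix: str = "") -> list[tuple[str, str]]:
    """Return (member path, extension) pairs that violate the inbound policy."""
    findings: list[tuple[str, str]] = []
    if depth > MAX_DEPTH:
        return findings
    try:
        archive = zipfile.ZipFile(io.BytesIO(data))
    except zipfile.BadZipFile:
        return findings  # not a zip at all; nothing to walk
    with archive:
        for info in archive.infolist():
            if info.is_dir():
                continue
            path = prefix + info.filename
            ext = posixpath.splitext(info.filename)[1].lower()  # final extension only, so x.pdf.js -> .js
            if ext in BLOCKED_EXTENSIONS:
                findings.append((path, ext))
            elif ext == ".zip":  # recurse into a zip-inside-a-zip
                findings.extend(forbidden_members(archive.read(info), depth + 1, path + "/"))
    return findings


def policy_report(data: bytes) -> list[str]:
    """Render verdict lines in the style of the gateway summaries quoted in the comments."""
    return [f"{member} forbidden file extension ({ext}) per inbound policy 0"
            for member, ext in forbidden_members(data)]


def make_zip(members: dict[str, bytes]) -> bytes:
    """Build an in-memory zip from {name: bytes}; used only for the constructed samples."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as z:
        for name, content in members.items():
            z.writestr(name, content)
    return buf.getvalue()


# Constructed samples named after the attachments in the comments; contents are placeholders.
SAMPLE_SHIPPING = make_zip({"B43AF42D_shipping_service.js": b"// placeholder"})
SAMPLE_INVOICE = make_zip({"GKOQosE.wsf": b"<!-- placeholder -->"})
SAMPLE_CLEAN = make_zip({"invoice.pdf": b"%PDF-placeholder"})
SAMPLE_NESTED = make_zip({"inner.zip": make_zip({"Invoice.PDF.JS": b"// placeholder"})})

if __name__ == "__main__":
    for name, blob in [("ec6b94a7ad.zip", SAMPLE_SHIPPING), ("d7A0f.zip", SAMPLE_INVOICE),
                       ("clean.zip", SAMPLE_CLEAN), ("nested.zip", SAMPLE_NESTED)]:
        print(f"Attachment: {name}")
        for line in policy_report(blob):
            print("  " + line)
```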
