威胁百科全书

Two Waves of Malformed Malspam Arrive in Mailboxes

Publish date: 十月 12, 2017

分析者:

Cedrick Ramos


More news on the malicious spam front - we recently received two waves of what appears to be malformed malspam. The first one has 'Supplement payment [Random Number]' for its subject heading, while the other one is passing itself off as a 'Document invoice_[Random number]_sign_and_return.pdf is complete' notification. Int his particular context, 'malformed' means that something went wrong in the sample's creation process, which in turn means that it can't work like it's supposed to.


As such, these malformed mails will not infect the machine of their recipient and are thus harmless. However, we found out that an attachment can be retrieved from the email codes. This will reveal a malicious .7z attachment - which, when extracted, will produce .vbs files. These files of course will run malicious codes when executed.

Upon investigation, the file attachments of the replicated mails are already detected as VBS_NEMUCOD.ELDSAUU.

Users are advised to always take caution in clicking attachments from emails, especially if they come from unknown senders. Trend Micro customers are of course protected from all aspects and elements of this threat.

垃圾邮件阻止日期/时间: 12 十月 2017 02:04:00 上午 GMT-8
TMASE Information

  • TMASE引擎(全局: :8.0
  • TMASE样式(全局): :3390

通过以下社交网站联系我们