Wednesday 28 September 2016

Double trojan

Subject: There has been a change to your parcel delivery

I get a lot of email about parcels. I'd guess that a lot of people on the internet receive a lot of parcels, so an email about "your parcel" stands a good chance of not being ignored. The interesting thing about this one is that it came with two files.

The explanation in the email was "The new privacy policy. All personal information is encrypted in attached document.".

Neat idea. Except that the file contained a JavaScript program, obfuscated, and I can't be bothered to reverse engineer it, oops, I mean stare at it until I understand it, but it references "" which I'm guessing gets downloaded and does something unpleasant.

I sent it to VirusTotal, and no product flagged it. I also tried tracking_encrypted0928.doc, which was first submitted about an hour before I received it, and 4/55 products flag it as malware.

