
ZeuS GameOver uses .NET cryptor and invites Zemot

Over the past days we intercepted several unsolicited emails purporting to be a voicemail from Microsoft Outlook sent via Microsoft Exchange Server.

The emails arrive with the subject line "You have received a voice mail" and invite the recipient to download and extract the attachment to listen to the message.

The attachment, a ZIP file named VOICE[10 numbers].WAV.ZIP, contains an executable posing as an audio file with a double extension (.WAV.EXE).

The file name contains 17 to 20 random numbers: VOICE000358[17 - 20 random numbers].WAV.EXE. Never trust a file by its icon; always pay attention to the file extension instead, and make sure that Windows Explorer is set to show file extensions.
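The double-extension trick described above can be caught at the mail gateway by listing ZIP members before delivery. The following is an added example, not code from the original article; the extension lists, function names and sample file names are assumptions constructed for illustration.

```python
import io
import zipfile
from pathlib import PurePosixPath

# Assumed lists for illustration; extend them to match local policy.
EXECUTABLE_EXTS = {".exe", ".scr", ".com", ".pif"}
DECOY_EXTS = {".wav", ".mp3", ".pdf", ".doc", ".jpg"}


def double_extension_members(zip_bytes):
    """Return archive members whose last extension is executable and whose
    preceding extension imitates a media or document type."""
    flagged = []
    with zipfile.ZipFile(io.BytesIO(zip_bytes)) as archive:
        for info in archive.infolist():
            if info.is_dir():
                continue
            # Normalise separators, then drop trailing dots and spaces,
            # which Windows ignores when resolving the file name.
            name = PurePosixPath(info.filename.replace("\\", "/")).name.rstrip(". ")
            suffixes = [s.lower() for s in PurePosixPath(name).suffixes]
            if (len(suffixes) >= 2 and suffixes[-1] in EXECUTABLE_EXTS
                    and suffixes[-2] in DECOY_EXTS):
                flagged.append(info.filename)
    return flagged


def build_sample_zip(member_names):
    """Build an in-memory ZIP with placeholder contents (constructed test data)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as archive:
        for member in member_names:
            archive.writestr(member, b"placeholder")
    return buf.getvalue()


if __name__ == "__main__":
    sample = build_sample_zip([
        "VOICE00035812345678901234567.WAV.EXE",  # constructed name following the pattern
        "message.wav",                           # genuine single extension
        "setup.exe",                             # executable, but not disguised
    ])
    print(double_extension_members(sample))
```

Only the member names are inspected, so the check works without extracting or executing anything from the archive.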

The payload is the notorious ZeuS GameOver. The only interesting part in this sample is that the cyber-criminal behind this campaign opted for a .NET cryptor, something I haven’t seen yet in ZeuS GameOver samples.

More here: http://stopmalvertising.com/spam-scams/zeus-gameover-uses-.net-cryptor-and-invites-zemot.html
