December 27, 2011
Post-Christmas Malware Lure
To get the recipient all riled up, the crook employs a common tactic:
Subject: Re:IRS NOTIFICATION:-Complaint against your business af8d0a35bfd97efb
Nothing like invoking the tax folks to get the adrenalin flowing.
The message body goes horribly wrong in the way it had been deployed, but here's what shows up in my email client:
<!--We regret_to_inform_you, that link--> goo.gl/[removed]
At the same time, the malware lure campaign using a phony contract as bait continues. Today's installment makes it sound like the contract process has gone further until the latest snafu:
Subject: The variant of the contract you've offered has been delcined.
After our legal department studied this contract carefully, they've noticed the following mismatches with our previous arrangements. We've composed a preliminary variant of the new contract, please study it and make sure that all the issues are matching your interests
MD5 check sum: 8c46c46c4138ce9a52180726c413338c
As before, the link is not to an attached document but to a Russian server hosting the main.php code.
Ya de yadda.
Posted on December 27, 2011 at 12:13 PM
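
The traits of the two lures described above (a reply-style subject ending in a hex token, wording tucked inside an HTML comment so only a shortened link shows, and a "contract" that is a checksum line plus a link to a .php page rather than an attachment) can be checked mechanically in a mail filter. This is an added example, not code from the original post; the trait names, `lure_traits`, and the sample token, link and hash are assumptions constructed for illustration.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urlparse

SHORTENERS = {"goo.gl"}  # the shortener named in the post; extend as needed
URL_RE = re.compile(r"(?:https?://)?((?:[\w-]+\.)+[a-z]{2,}/[^\s<>\"']*)", re.I)
MD5_RE = re.compile(r"md5\s+check\s*sum:?\s*[0-9a-f]{32}\b", re.I)

class _Split(HTMLParser):
    """Separate text a mail client renders from text inside <!-- --> comments."""
    def __init__(self):
        super().__init__()
        self.visible, self.hidden = [], []
    def handle_data(self, data):
        self.visible.append(data)
    def handle_comment(self, data):
        self.hidden.append(data)

def _letters(text):
    return len(re.sub(r"\W", "", text))

def lure_traits(subject, body, has_attachment=False):
    """Return the traits (names are this example's own) present in one message."""
    parser = _Split()
    parser.feed(body)
    parser.close()
    visible, hidden = " ".join(parser.visible), " ".join(parser.hidden)
    traits = set()
    if re.match(r"\s*re:", subject, re.I) and re.search(r"\b[0-9a-f]{16}\s*$", subject):
        traits.add("reply_subject_with_hex_token")
    # Lure wording sits in a comment, so the client shows little but the link.
    if _letters(hidden) > _letters(URL_RE.sub("", visible)):
        traits.add("text_hidden_in_comment")
    for match in URL_RE.finditer(visible):
        url = urlparse("http://" + match.group(1))
        if url.hostname in SHORTENERS:
            traits.add("shortened_link")
        if url.path.lower().endswith(".php") and not has_attachment:
            traits.add("document_is_php_link")
    if MD5_RE.search(visible) and not has_attachment:
        traits.add("checksum_without_attachment")
    return traits

# Constructed samples modelled on the two lures (token, link and hash are made up).
IRS = ("Re:IRS NOTIFICATION:-Complaint against your business 0123456789abcdef",
       "<!--We regret_to_inform_you, that link--> goo.gl/EXAMPLE")
CONTRACT = ("The variant of the contract you've offered has been delcined.",
            "please study it http://contracts.example/main.php\n"
            "MD5 check sum: 00112233445566778899aabbccddeeff")
```

No single trait is conclusive on its own; the returned set is meant to feed a score or a quarantine rule alongside other signals.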