« Outrageous | Main | A Portuguese Deposit »

January 08, 2013

I've seen a few instances of a malware delivery email message that might trip up a number of recipients.

Here is the first version:

From: Alkharji Trade Co UAE Subject: Product Enquiry

Dear Sir/Madam,


We are interested in purchasing your products and we sincerely hope to
establish a long-term business relation with your esteemed company.


Please kindly view our samples HERE and HERE then send me your latest catalog. Also, inform me about the Minimum
and maximum Order Quantity, Current Delivery time or FOB, and also current
payment terms warranty.


Your early reply is highly appreciated.


Kind Regards,
Ahmed

The links in the message lead to SendSpace (and one URL was malformed to omit the ".com", so that will certainly hurt their efficiency...boo hoo), where the files are named sample1.zip and sample2.zip. Sadly, both files came up squeaky clean on VirusTotal. But both files expand to .exe files. One had fair coverage in VirusTotal (although many big-named AV products didn't recognize the files as malware over 12 hours later), while the other was recognized by only one AV vendor.

Another variant this morning has the same basic theme, but the zipped files are attached to the email message.

If you have been in business for as long as I have, you are familiar with these kinds of blind product information requests arriving from time to time. But this one won't lead to any business. Instead, its files will give you the business...if you know what I mean.