安全威脅百科全書

Fake Voice Message and Invoice Notification Attachment Comes With Locky Ransomware

Publish date: 九月 26, 2017

撰文:

Cedrick Ramos


Ransomware is a common malicious attachment found in spam mail campaigns. In this particular instance, we found samples of two new spam campaigns sporting Locky ransomware making the rounds.

The first sample is a fake voice message notification with the subject 'Message from [Random Number]'. The body of the message is curt and short, simply telling the reader that they've received a voice message. The second sample is a fake invoice notification from a seemingly random sender. 

Just like the previous sample, the body of the email is plain and simple, with a notice saying that the email was sent from the sender's iPhone. Both spammed mails arrive with a .7z attachment containing a malicious .VBS file inside. 

Both versions of the attached file are discovered to be related to Locky ransomware. Further investigation reveals these malicious attachments are already detected by our solutions as Mal_VBSCRDLX. 

Trend Micro customers are fully protected against all aspects of these spam campaigns, from the spammed mails themselves to their malicious payloads. Users are once more reminded to never click on or open email messages coming from unknown or suspicious senders.
垃圾郵件封鎖日期/時間: 26 九月 2017 10:30:00 下午 GMT-8
TMASE 資訊

  • 垃圾郵件掃描引擎 :8.0
  • 垃圾郵件病毒碼 :3354

透過以下社群網站聯絡我們