Spamvertised ‘Vodafone U.K MMS ID/Fake Sage 50 Payroll’ themed emails lead to (identical) malware

Spamvertised ‘Vodafone U.K MMS ID/Fake Sage 50 Payroll’ themed emails lead to (identical) malware

by | Jul 16, 2013 | Industry Intel, Threat Lab

Reading Time: ~ < 1 min.

We’ve intercepted two, currently circulating, malicious spam campaigns enticing users into executing the malicious attachments found in the fake emails. This time the campaigns are impersonating Vodafone U.K or pretending to be a legitimate email generated by Sage 50’s Payroll software.

More details:

Sample screenshot of the spamvertised email:

Email_Spam_Fake_Spamvertised_Malware_Malicious_Software_Social_Engineering_Payslip_Sage50

What’s particularly interesting about these two campaigns is the fact that they’ve both been launched by the same cybercriminal/gang of cybercriminals. Not only do the campaigns use an identical MD5 with two previously profiled malicious spam campaigns, but also, all the MD5s phone back to the same C&C server – hxxp://62.76.178.178/fexco/com/index.php

Detection rate for the unique MD5 used in the fake Vodafone U.K MMS themed campaign: 4e9d834fcc239828919eaa7877af49dd – detected by 8 out of 47 antivirus scanners as Backdoor.Win32.Androm.abrz; Troj/Agent-ACLZ.

Webroot SecureAnywhere users are proactively protected from this threat.

You can find more about Dancho Danchev at his LinkedIn Profile. You can also follow him on Twitter.

Blog Staff

About the Author

Blog Staff

The Webroot blog offers expert insights and analysis into the latest cybersecurity trends. Whether you’re a home or business user, we’re dedicated to giving you the awareness and knowledge needed to stay ahead of today’s cyber threats.

1 Comment

  1. DarenPearson
    DarenPearson on September 19, 2014 at 5:01 am

    The
    article is written very well about Spamvertised ‘Vodafone U.K MMS ID/Fake Sage 50 Payroll’ themed emails lead to (identical) malware. This
    is really interesting take on the concept.
    http://jcscomputer.com/

Share This