July 25, 2013Dancho Danchev By Dancho Danchev

Fake ‘Copy of Vodafone U.K Contract/Your Monthly Vodafone Bill is Ready/New MMS Received’ themed emails lead to malware

Cybercriminals continue targeting U.K based Internet users in an attempt to trick them into thinking that they’ve received a legitimate email from Vodafone U.K. We’ve intercepted two, currently circulating, malicious spam campaign that once again impersonate Vodafone U.K, this time relying on a bogus “Copy of Vodafone U.K” themed messages, the ubiquitous ‘MMS Message Received‘ campaign, as well as the most recent ‘Your Monthly Vondafone Bill is Ready‘ theme.

More details:

Sample screenshots of the spamvertised emails:



Detection rates for the spamvertised malicious attachments:
MD5: a5bdeaadb002e12a38c9d354097f9a9a – detected by 30 out of 46 antivirus scanners as Backdoor.Win32.Androm.aehi; TrojanDownloader:Win32/Dofoil.R.
MD5: 6aeacb54d57cddff1b1b39d2d3b32140 – detected by 6 out of 47 antivirus scanners as Artemis!6AEACB54D57C; UDS:DangerousObject.Multi.Generic.
MD5: 3965d6f027812306ea953dbd0ac0bce0 – detected by 6 out of 47 antivirus scanners as Heuristic.BehavesLike.Win32.ModifiedUPX.C; Trojan/Win32.Tepfer.

The last sample marks its presence on the affected systems through the following Mutexes:

All of these samples phone back to the same C&C server:
hxxp:// (37-139-47-159.clodo.ru, AS56534)

Webroot SecureAnywhere users are proactively protected from these threats.

You can find more about Dancho Danchev at his LinkedIn Profile. You can also follow him on Twitter.

Share Button

Leave a Reply

Your email address will not be published. Required fields are marked *