October 14, 2013, by Blog Staff

Spamvertised T-Mobile ‘Picture ID Type:MMS’ themed emails lead to malware

The cybercriminals behind the fake T-Mobile themed email campaign profiled last week have resumed operations and have just spamvertised another round of tens of thousands of malicious emails impersonating the company. The goal is to trick its customers into executing the malicious attachment, which in this case is once again presented as a legitimate MMS notification message.

Detection rate for the spamvertised attachment: MD5: 8a9abe065d473da9527fdf08fb55cb9e – detected by 26 out of 48 antivirus scanners as Trojan.DownLoader9.22851; UDS:DangerousObject.Multi.Generic

Once executed, the sample creates the following Mutexes on the affected hosts:

It then (once again) phones back to networksecurityx.hopto.org. The most recent MD5 (MD5: 014543ee64491bac496fabda3f1c8932) that has phoned back to the same C&C server (networksecurityx.hopto.org) is also known to have phoned back to dahaka.no-ip.biz (

Webroot SecureAnywhere users are proactively protected from these threats.
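
The phone-back behaviour described above can be hunted for in DNS resolver logs. The following is an added example, not part of the original post: it flags clients that looked up either C&C hostname, matching on label boundaries so look-alike names are ignored. The log layout, client addresses and function names are assumptions made for illustration.

```python
from collections import defaultdict

# Hostnames taken from the post above.
C2_HOSTS = {"networksecurityx.hopto.org", "dahaka.no-ip.biz"}

# Constructed sample log; the "time client qname qtype" layout is an assumption.
SAMPLE_LOG = """\
2013-10-14T09:12:01Z 10.0.0.21 NetworkSecurityX.hopto.org. A
2013-10-14T09:12:07Z 10.0.0.21 www.example.com. A
2013-10-14T09:13:44Z 10.0.0.35 cdn.dahaka.no-ip.biz A
2013-10-14T09:14:02Z 10.0.0.40 notnetworksecurityx.hopto.org. A
2013-10-14T09:15:30Z 10.0.0.40 dahaka.no-ip.biz.example.net. A
malformed line
"""


def normalize(qname):
    """Lowercase and drop the root dot so FQDN and relative forms compare equal."""
    return qname.strip().lower().rstrip(".")


def matched_c2(qname):
    """Return the C&C host that qname equals or is a subdomain of, else None."""
    name = normalize(qname)
    for host in C2_HOSTS:
        # Match on a label boundary so look-alike names do not trigger.
        if name == host or name.endswith("." + host):
            return host
    return None


def find_callbacks(log_text):
    """Map each client IP to the set of C&C hosts it looked up."""
    hits = defaultdict(set)
    for line in log_text.splitlines():
        fields = line.split()
        if len(fields) < 4:
            continue  # skip blank or malformed lines
        client, qname = fields[1], fields[2]
        host = matched_c2(qname)
        if host:
            hits[client].add(host)
    return dict(hits)


if __name__ == "__main__":
    for client, hosts in sorted(find_callbacks(SAMPLE_LOG).items()):
        print(client, "->", ", ".join(sorted(hosts)))
```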




