Targeted Email Attacks - November 8

This blog provides examples of socially engineered and/or specifically targeted spear phishing emails, intended to spread trojans and malware. These examples are generally focused on the China/Taiwan analyst community in Washington, D.C. (More Background)

November 8 - Fake Colleague Email

My colleague got an email “from” me, asking her to click on a link to a zip file, supposedly containing information about how the “Best Chef from Northwest U.S” was “creating new tastes” in Taiwan. The subject is actually the title of an article from a Taiwan newspaper a few days before. The linked file was hosted on the hacked web server of some poor guy’s personal website (I’ve written to him telling him he may want to lock his site down and remove any files he doesn’t recognize.) The zip file contains a .exe file, and has a 6/43 (14.0%) detection rate - rather poor - at VirusTotal.

Subject: Best Chef from Northwest U.S. creates new tastes
MD5: b2036cb65a868fde9ff22a72ee3a883d
Originating IP: 63.73.11.15
X-Mailer: Auto Mailer (www.automsw.com) ID: 284535 [I’m including this because I think it’s the first one I’ve seen an email with this particular mailer.]

geraldinepk50 likes this
danielsrose likes this
chloe-jayde likes this
targetedemailattacks posted this

17 notes #zip #link #hacked #webserver #personal #phishing #article #external

Short URL for this post: http://tmblr.co/ZCE6oxBzFbFI