jimkyle

New Phishing/Malware Effort?

I just received an email purporting to be from Quickbooks.com with an attachment. The email text claimed my payment was overdue and that details were in the attachment.

Since I've not done any business with Quickbooks for at least five years, I was a bit suspicious. I scanned the attachment with an up-to-date copy of Microsoft Security Essentials and it came up clean, but I still was not convinced.

Since I run Xubuntu, not Windows, I felt safe in opening the attachment, "Payroll_52813_28931.zip", with file-roller. It contained a single EXE file, and that file was in Win PE format. Checking its .text area with a hex editor indicated it was highly suspicious.

I'm simply passing this information along for anyone else who runs into the same situation. Message headers indicated it came to my mail server from a Cox server at 184.191.173.216, and to the Cox server from 151.101.112.215, which fails to show up on a "dig" or "whois" search. Is this old news, or is this one something new?
--
Jim Kyle
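
The triage described in the post above (looking inside the ZIP and confirming that its member is a Windows PE file) can be done in memory, without extracting anything to disk. This is an added example, not part of the original post; the sample archive and its file names are constructed, and `pe_summary`, `triage_zip` and `build_sample` are hypothetical helper names.

```python
import io
import struct
import zipfile

def pe_summary(data):
    """Return PE header facts for data, or None if it is not a PE image."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        return None
    (e_lfanew,) = struct.unpack_from("<I", data, 0x3C)  # offset of "PE\0\0"
    if e_lfanew + 24 > len(data) or data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        return None
    machine, nsections, _, _, _, opt_size, _ = struct.unpack_from(
        "<HHIIIHH", data, e_lfanew + 4)                 # 20-byte COFF header
    table = e_lfanew + 24 + opt_size                    # section table start
    names = []
    for i in range(nsections):
        entry = data[table + 40 * i: table + 40 * i + 40]
        if len(entry) < 40:                             # truncated table
            break
        names.append(entry[:8].rstrip(b"\0").decode("ascii", "replace"))
    return {"machine": hex(machine), "sections": names}

def triage_zip(blob, limit=1 << 20):
    """List ZIP members held in memory and flag PE images; nothing is extracted."""
    findings = []
    with zipfile.ZipFile(io.BytesIO(blob)) as zf:
        for info in zf.infolist():
            with zf.open(info) as fh:
                head = fh.read(limit)   # bounded read guards against zip bombs
            findings.append((info.filename, info.file_size, pe_summary(head)))
    return findings

def build_sample():
    """Constructed input: a ZIP with a one-section fake PE header and a text file."""
    dos = b"MZ" + b"\0" * 0x3A + struct.pack("<I", 0x40)
    coff = struct.pack("<HHIIIHH", 0x14C, 1, 0, 0, 0, 0, 0x0102)
    section = b".text\0\0\0" + b"\0" * 32
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("invoice_sample.exe", dos + b"PE\0\0" + coff + section)
        zf.writestr("readme.txt", "plain text")
    return buf.getvalue()

if __name__ == "__main__":
    for name, size, pe in triage_zip(build_sample()):
        print(name, size, "PE image: %s" % pe if pe else "not a PE image")
```

An executable inside an archive attached to an unsolicited billing notice is a strong reason to quarantine the message regardless of what a signature-based scanner reports.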