Oklahoma City, OK
New Phishing/Malware Effort?
I just received an email purporting to be from Quickbooks.com with an attachment. The email text claimed my payment was overdue and that details were in the attachment.
Since I've not done any business with Quickbooks for at least five years, I was a bit suspicious. I scanned the attachment with an up-to-date copy of Microsoft Security Essentials and it came up clean, but I still was not convinced.
Since I run Xubuntu, not Windows, I felt safe in opening the attachment, "Payroll_52813_28931.zip" with file-roller. It contained a single EXE file, and that file was in Win PE format. Checking its .text area with a hex editor indicated it was highly suspicious.
I'm simply passing this information along for anyone else who runs into the same situation. Message headers indicated it came to my mail server from a Cox server at 220.127.116.11, and to the Cox server from 18.104.22.168 which fails to show up on a "dig" or "whois" search. Is this old news, or is this one something new?