Dangerous payload

Agent1002
419Eater is my life
Joined: 11 Feb 2010
Posts: 442
Location: USA

Posted: Wed Nov 09, 2011 8:01 pm

I got a couple of these last night. The attachment is highly suspect. You know to not open attachments, right?

Quote:
Your Federal Tax Payment ID: 52181436 has been rejected.
Return Reason Code R21 - The identification number used in the Company Identification Field is not valid.

Please, check the information to get details about your company payment in transaction contacts section:

attach name = report.18653.pdf

In other way forward information to your accountant adviser.
EFTPS:
The Electronic Federal Tax Payment System
PLEASE NOTE: Your tax payment is due regardless of EFTPS online availability. In case of an emergency, you can always make your tax payment by calling the EFTPS.


Attached is a "PDF" that Google can't view. Using a Linux machine (no MS office to run a script, macro, or exe) I took a look at the file and found it really is a zip file, not a PDF. Examining that with Archive manager shows the zip file contains a Windows exe file. The file is named Report.18653.pdf.exe. I have no idea what the exe file does. The deceptive wrapper said Danger very clearly.

Both letters appear identical except the number in the first line. I presume the number is to keep the first line from getting hits on Google. The 2nd line has many Google hits.
Quote:
ID: 96347814 has


Update: the attachment is a Trojan downloader
http://www.virustotal.com/file-scan/report.html?id=fee29b1d7479a281b59694d0ff48e366b7b2de6e9b3e58d5c027c5a7e48d7451-1320765475

_________________
Easter Egg 2012 Closed lad accounts X5 2 piggies in my first batch of 4 baits.
Magic Jack phones : CellphoneCellphoneCellphone
you have to answer this questions because seem that you are playing with this organisation from money order to generator, please we do not like stories and playing at the moment.


Internet Security Team

Agent 1002

Last edited by Agent1002 on Wed Nov 09, 2011 8:33 pm; edited 1 time in total
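An added example (not from the thread or any 419Eater code) that automates the check Agent1002 describes: identify the attachment by its leading bytes instead of its name, and when a claimed PDF is really a zip, inspect each member for an executable or a double extension like Report.18653.pdf.exe. The sample attachment is constructed in memory from an MZ-headed stub, not a real program.

```python
import io
import zipfile

# A real PDF starts with "%PDF", a zip archive with "PK\x03\x04", a Windows
# executable with "MZ"; the name an attachment carries proves nothing.
MAGIC = {b"%PDF": "pdf", b"PK\x03\x04": "zip", b"MZ": "exe"}
# Extensions Windows will execute; a "document" should never hide one of these.
EXECUTABLE_EXTS = {"exe", "scr", "com", "pif", "bat", "cmd", "js", "vbs"}


def sniff_type(data: bytes) -> str:
    """Identify a file by its leading bytes rather than by its name."""
    for magic, kind in MAGIC.items():
        if data.startswith(magic):
            return kind
    return "unknown"


def is_double_extension(name: str) -> bool:
    """True for names such as Report.18653.pdf.exe, where an executable
    extension sits behind one or more other suffixes."""
    parts = name.rsplit("/", 1)[-1].lower().split(".")
    return len(parts) >= 3 and parts[-1] in EXECUTABLE_EXTS


def analyse_attachment(filename: str, data: bytes) -> dict:
    """Compare the claimed extension with the real content and, for a zip,
    inspect every member the same way; returns the findings for triage."""
    claimed = filename.lower().rsplit(".", 1)[-1]
    actual = sniff_type(data)
    findings = []
    if actual != claimed:
        findings.append(f"claims .{claimed} but content is {actual}")
    if actual == "zip":
        with zipfile.ZipFile(io.BytesIO(data)) as zf:
            for info in zf.infolist():
                kind = sniff_type(zf.read(info.filename)[:4])
                if kind == "exe" or is_double_extension(info.filename):
                    findings.append(f"member {info.filename} is {kind}")
    return {"claimed": claimed, "actual": actual, "findings": findings}


def build_sample() -> bytes:
    """Constructed stand-in for the thread's attachment: a zip named like a
    PDF that wraps an MZ-headed stub (not a real program)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("Report.18653.pdf.exe", b"MZ" + b"\x00" * 62)
    return buf.getvalue()
```

Running `analyse_attachment("report.18653.pdf", build_sample())` reports both the PDF/zip mismatch and the executable member, which is exactly the pair of observations the post made by hand.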
Xenon
Master Baiter
Joined: 03 May 2005
Posts: 153
Location: Not from around here

Posted: Wed Nov 09, 2011 8:20 pm

Yes, it's a virus...

http://forums.malwarebytes.org/index.php?showtopic=99382

_________________
Mr Robert: Please let me know. I am highly depressed over here. I want to hear from you urgently.
-----
Mr DoDoo: fuck you Mr Rev Peter Fuckkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkk uu
-----
Safari x3
Closed lad accounts x3
x4
chinaspecial
Hello I'm New here!
Joined: 18 Apr 2010
Posts: 19

Posted: Thu Nov 10, 2011 5:30 pm

Yeah, I have seen a few like this land in my inbox and it's a pain to deal with, and I deal with a lot of them.
Spectre
Not quite a Newb
Joined: 14 Sep 2011
Posts: 54

Posted: Thu Nov 10, 2011 7:17 pm

If you are interested in what the binary will do if executed then you can try uploading it to Anubis online analyser:

anubis.iseclab.org


I think it's interesting to see what these would do.

_________________
Closed lad accounts
All Content © 2003 - 419Eater.com
Powered by phpBB © 2001, 2002 phpBB Group :S5: FI Theme :: All times are GMT