Antivirus: April 2008 Archives
The SANS ISC Diary has a good write-up of the "Subpoena in a Civil Case" malicious email. Wish I had seen that before investigating the copy our CEO received.
The message is from subpoena@uscourts.com with a display From of "United States District Court". It says:
"YOU ARE HEREBY COMMANDED to appear and testify before the Grand Jury of the United States District Court at the place, date, and time specified below."
It has a link to download a document on the matter. The website prompts the visitor to install a malicious ActiveX control.
The malware we received doesn't seem to be the same file the ISC is reporting.
This morning MessageLabs blocked a suspicious message to a recipient in our finance department.
Subject: Re:tax contract for
The message contained a Word document attachment named incomplete_contract.doc. The Word doc contained an embedded exe named MicrosoftWordhasencounteredanerrorandneedstoclose.Pleasedoubleclicktheicontoreloadmsword.exe
These are probably the same people who tried last week with subject lines "Re : Tax Refund for %firstname% %lastname%" with a scr attachment.
Going through my email, I see a similar detection back in February: Complaint Filled against



