I fell for a malware mail, thankfully aimed at Windows users / 2016-08-23 - Koos van den Hout

2016-08-23 6 months ago
Today I saw an incoming e-mail about a voicemail message, while I was expecting a voicemail message. The format was quite similar to the format used by my telephone provider so I tried opening it in thunderbird under Linux. That saved me, it was aimed at opening in Windows, probably only working in Microsoft Outlook.

This is what it looked like in mutt:
Dear koos :
        There is a message for you from 01427157659, on 2016/08/23 15:52:17 .
You might want to check it when you get a chance.Thanks!

[-- Attachment #2: Voicemail sound attachment. --]
[-- Type: audio/x-wav, Encoding: base64, Size: 10K --]

[-- audio/x-wav is unsupported (use 'v' to view this part) --]
The attachment is Message_from_01427157659.wav.zip but with mimetype audio/x-wav. The zip file contains:
Archive:  Message_from_01427157659.wav.zip
  Length      Date    Time    Name
---------  ---------- -----   ----
    30764  2016-08-23 12:18   614007286106.wsf
---------                     -------
    30764                     1 file
With a lot of obfuscated scripting.

What saved me this time was opening it in a mailreader/environment which tries to play an audio/x-wav file with a mediaplayer which complained about something being invalid in it.

Tags: , ,

, reachable as koos+website@idefix.net. PGP encrypted e-mail preferred.

PGP key 2C66 3B5D F0D7 C263 local copy PGP key 2C66 3B5D F0D7 C263 via keyservers pgp key statistics for 0x2C663B5DF0D7C263 Koos van den Hout
Other webprojects: Camp Wireless, wireless Internet access at campsites, The Virtual Bookcase, book reviews, Weather maps
This page generated in 0.032882 seconds.