obfuscation

Spam with a malicious taste (update)

This post appeared originally in: IT Security blog: http://itsecurity.co.uk/2015/03/spam-malicious-taste/

I haven’t seen a well-done, complex spam with a malicious payload in a while. This one appears to be addressed to the first name of the email recipient. As you can see in the subject, it is addressed to “SORIN” since my email address is sorin.mustaca@… The spam contains a nice piece of social engineering which creates enough curiosity in the reader to open the attached archive.

The archive is called “Notice_to_appear_in_court_<random number>.zip”. The only file in the archive is an extremely obfuscated JavaScript file: Notice_to_Appear_000483082.doc.js. First of all, I asked myself: why a ZIP with a JS in it? ZIP is natively supported by Windows Explorer. If you have a ZIP archive, it will be automatically opened as a folder and you can execute any file in it. JS is executed by the Windows Script Host without any HTML page to interpret it. Smart, I have to agree. Now, there are some things which ruined my amazement of this spam after I executed it in a VM.

It doesn’t work… 🙂

Apparently, due to a programming error, a function is called recursively without any limit. I didn’t spend any time…
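The attachment pattern described above, a ZIP whose member carries a document-looking name but a `.js` extension that Windows Script Host runs on double-click, can be checked for at a mail gateway or during triage. The following is an added example, not code from the original post; the extension lists, function names and the sample archive are assumptions constructed for illustration.

```python
import io
import zipfile
from pathlib import PurePosixPath

# Extensions that Windows Script Host runs directly on double-click.
WSH_EXTENSIONS = {".js", ".jse", ".vbs", ".vbe", ".wsf", ".wsh"}
# Document-like "inner" extensions used as a decoy (assumed, non-exhaustive list).
DECOY_EXTENSIONS = {".doc", ".docx", ".pdf", ".xls", ".xlsx", ".txt", ".jpg"}


def flag_script_members(zip_bytes):
    """Return [(member_name, reason)] for archive members WSH would execute."""
    findings = []
    with zipfile.ZipFile(io.BytesIO(zip_bytes)) as archive:
        for info in archive.infolist():
            if info.is_dir():
                continue
            # ZIP names use "/", but a crafted name may contain "\"; normalise first.
            name = PurePosixPath(info.filename.replace("\\", "/")).name
            # Win32 drops trailing dots and spaces from file names, so ignore them.
            stem = PurePosixPath(name.rstrip(". "))
            suffixes = [s.lower() for s in stem.suffixes]
            if not suffixes or suffixes[-1] not in WSH_EXTENSIONS:
                continue
            if len(suffixes) >= 2 and suffixes[-2] in DECOY_EXTENSIONS:
                reason = "double extension: looks like %s, runs as %s" % (
                    suffixes[-2], suffixes[-1])
            else:
                reason = "script file run by Windows Script Host (%s)" % suffixes[-1]
            findings.append((info.filename, reason))
    return findings


def build_sample_zip():
    """Constructed sample: harmless placeholder contents, names modelled on the post."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as archive:
        archive.writestr("Notice_to_Appear_000483082.doc.js", "// placeholder only")
        archive.writestr("readme.txt", "plain text")
        archive.writestr("tools/helper.VBS", "' placeholder only")
    return buf.getvalue()


if __name__ == "__main__":
    for member, why in flag_script_members(build_sample_zip()):
        print(member, "->", why)
```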

