DABhand
Super solver
Message 1 of 7

New nasty email being sent out.

Apparently someone called Chadresh on his VAIO laptop/PC has been sending out emails with an attached token.cab or form.cab file.

It is encoded in Base64; decoded, it is a .cab file which will install a root trojan that will not be good for your PC/laptop - essentially it is another botnet infection, and your PC/laptop becomes an infector and works on sending out spam etc., and could also be used for botnet attacks.

This time around though, it was sent out by someone who doesn't understand ghosting too well and left his own PC identity intact. By the 2nd email I think he figured it out and masked it. But poor old Chadresh, whoever he is, cannot undo the first email.

Just delete the email or block it, but do not open the attached file. Never open .exe or .cab files from emails anyway; that is asking for trouble.

Majide!
Superuser
Message 2 of 7

Re: New nasty email being sent out.

Want to report this here? Would be even better work if you did. Thanks for the post. That is good work too.

http://netreport.virginmedia.com/netreport/

-----------------------

Superuser 2017/18
Use Kudos to say thanks
Mark answer as "helpful" only when the problem is solved
Please don't send me private messages unless I ask you to.
I do not work for VM. The advice I give is based on my best understanding of VM policy and practice. You rely on it at your own risk.
Superuser
Message 3 of 7

Re: New nasty email being sent out.

More information on this wave of malware can be found here:

https://myonlinesecurity.co.uk/dridex-delivered-via-random-subjects-with-cab-files/

BTW - All mail attachments are encoded in Base64, so there's nothing mysterious about that aspect. That they are using .cab files, which are essentially Microsoft's form of zip files and which will autorun if double-clicked, is worrying though.

Ravenstar68

________________________________________


Only use Helpful answer if your problem's been solved.
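Since Base64 is only the transport encoding, a mail filter has to inspect the decoded attachment bytes. The following is an added example, not code from this thread or from Virgin Media: it decodes each attachment and flags Cabinet content by its `MSCF` file signature, which goes beyond the thread by also catching a cabinet sent under another file name. The message, addresses, file names other than token.cab and the inert payloads are constructed for illustration.

```python
from email import message_from_bytes, policy
from email.message import EmailMessage

CAB_MAGIC = b"MSCF"                  # first four bytes of a Microsoft Cabinet file
RISKY_EXTENSIONS = (".cab", ".exe")  # the types the thread warns against opening


def build_sample_message() -> bytes:
    """Constructed sample mail; payloads are inert placeholders, not real cabinets."""
    msg = EmailMessage()
    msg["From"] = "sender@example.com"
    msg["To"] = "recipient@example.com"
    msg["Subject"] = "constructed sample"
    msg.set_content("See attached.")
    fake_cab = CAB_MAGIC + b"\x00" * 32
    for name in ("token.cab", "scan.pdf"):   # second one hides behind another name
        msg.add_attachment(fake_cab, maintype="application",
                           subtype="octet-stream", filename=name)
    msg.add_attachment(b"not a cabinet", maintype="application",
                       subtype="octet-stream", filename="setup.exe")
    msg.add_attachment("plain notes\n", filename="notes.txt")
    return msg.as_bytes()


def flag_attachments(raw: bytes) -> list[tuple[str, str, str]]:
    """Return (filename, transfer encoding, reason) for each suspicious attachment."""
    msg = message_from_bytes(raw, policy=policy.default)
    findings = []
    for part in msg.iter_attachments():
        name = part.get_filename() or "(unnamed)"
        cte = str(part.get("Content-Transfer-Encoding", "7bit")).lower()
        data = part.get_payload(decode=True) or b""  # undoes the Base64 layer
        if data.startswith(CAB_MAGIC):
            findings.append((name, cte, "cabinet signature"))
        elif name.lower().endswith(RISKY_EXTENSIONS):
            findings.append((name, cte, "risky extension"))
    return findings


if __name__ == "__main__":
    for finding in flag_attachments(build_sample_message()):
        print(finding)
```

Matching on the raw message would miss the signature, because on the wire `MSCF` appears only as its Base64 form.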

cybmole
Community elder
Message 4 of 7

Re: New nasty email being sent out.

Just out of interest, how did Virgin's state-of-the-art email filters handle this malware - I am guessing they just served it up in your inbox, unchecked and unflagged?

DABhand
Super solver
Message 5 of 7

Re: New nasty email being sent out.


ravenstar68 wrote:

More information on this wave of malware can be found here:

https://myonlinesecurity.co.uk/dridex-delivered-via-random-subjects-with-cab-files/

BTW - All mail attachments are encoded in Base64, so there's nothing mysterious about that aspect. That they are using .cab files, which are essentially Microsoft's form of zip files and which will autorun if double-clicked, is worrying though.

Ravenstar68


Yep, was just informing that's how I received it; however, what I saw was more like a botnet exploit than a password sniffer/logger.

Majide!
DABhand
Super solver
Message 6 of 7

Re: New nasty email being sent out.


cybmole wrote:

Just out of interest, how did Virgin's state-of-the-art email filters handle this malware - I am guessing they just served it up in your inbox, unchecked and unflagged?


Yeah, got 2 of them, so no flagging etc. Not sure if they are blocking them now or not though.

Majide!
Moderator
Message 7 of 7

Re: New nasty email being sent out.

Hi,

Thanks for the heads-up with this one. Just to let you know, we've flagged the issue with Internet Security, who are investigating.

Cheers