Bredolab and FakeAV spread again with spam emails

Over the past week we have noticed a new wave of spam emails carrying a ZIP or RAR attachment that is used to spread the dangerous trojan Bredolab and the setup files of rogue security software (FakeAV). In some emails we have found an attached PDF file that is used to exploit a vulnerability in Adobe and execute malicious code on the victim’s computer.

Below is a list of the email subjects:

Thank you for setting the order No.937453
Thank you for setting the order No.038803
Thank you for setting the order No.364582
Thank you for setting the order No.063272
Thank you for setting the order No.204523
Outlook Setup Notification
Please confirm your order!
UPS Tracking #8045421962
Account notification
I hope the patch works!
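
A mail-triage check built from the details above, as an added example that is not part of the original post: it flags a message when one of the listed subject lines coincides with a ZIP, RAR or PDF attachment, recognised by file name or by leading magic bytes. The regex generalisation of the order and tracking numbers, the function names and the sample messages are assumptions constructed for illustration.

```python
import re
from email import message_from_bytes, policy
from email.message import EmailMessage

# Subject patterns generalised (assumption) from the subjects listed in the post.
SUBJECT_PATTERNS = [
    re.compile(r"^Thank you for setting the order No\.\d{6}$"),
    re.compile(r"^UPS Tracking #\d+$"),
    re.compile(r"^(Outlook Setup Notification|Please confirm your order!|"
               r"Account notification|I hope the patch works!)$"),
]
# Attachment types the post names, keyed by magic bytes and by extension.
MAGIC = {b"PK\x03\x04": "zip", b"Rar!\x1a\x07": "rar", b"%PDF-": "pdf"}
RISKY_EXT = {".zip": "zip", ".rar": "rar", ".pdf": "pdf"}

def attachment_kinds(msg):
    """Return the zip/rar/pdf kinds found by file name or by magic bytes."""
    kinds = set()
    for part in msg.iter_attachments():
        name = (part.get_filename() or "").lower()
        kinds.update(k for ext, k in RISKY_EXT.items() if name.endswith(ext))
        # Magic bytes catch archives sent under a misleading file name.
        payload = part.get_payload(decode=True) or b""
        kinds.update(k for magic, k in MAGIC.items() if payload.startswith(magic))
    return kinds

def triage(raw):
    """Quarantine only when a listed subject and a listed attachment type coincide."""
    msg = message_from_bytes(raw, policy=policy.default)
    subject = str(msg["Subject"] or "").strip()
    subject_hit = any(p.match(subject) for p in SUBJECT_PATTERNS)
    kinds = attachment_kinds(msg)
    return {"subject_hit": subject_hit, "attachments": sorted(kinds),
            "quarantine": subject_hit and bool(kinds)}

def build_sample(subject, filename=None, data=b""):
    """Build a constructed test message (not a captured sample)."""
    m = EmailMessage()
    m["From"], m["To"], m["Subject"] = "a@example.com", "b@example.com", subject
    m.set_content("see attachment")
    if filename:
        m.add_attachment(data, maintype="application",
                         subtype="octet-stream", filename=filename)
    return m.as_bytes()
```

Requiring both signals keeps ordinary mail with archives, or a legitimate "Account notification" without an attachment, out of quarantine.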

Senders:

