Yes, I just have to come up with a witty title every time.
So anyway, in my previous post we've had Chinese, Portuguese, and bad-English emails with malicious attachments. Here's one with Russian text:
However, we are still in the process of verifying whether the text is a form of social engineering, or whether it's just some user asking about a file. I'm pretty sure this is a maliciously spammed email though, given the results of the wacky Babelfish translation (although if anyone can translate this right away, do tell):
“Regards, 4 I today you await in guests, ring me before to go… By the way, in the archive of 4 zapokovala the necessary for you documents… There all itself you will understand, thus far. I await!”.
And the fact that the attachment is not password-protected and IS malicious.
And oh, CAB files are just another form of archive, and I believe this is the first time I've seen a (malicious) CAB archive being spammed, rather than the usual ZIP (or RAR, although that is a bit uncommon; CAB files are rarer still, I believe).
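A CAB is a Microsoft cabinet archive and starts with the signature MSCF, so an attachment filter keyed on ZIP or RAR extensions or signatures lets it straight through. The script below is an added example, not code from the original post: it recognises a cabinet by its MSCF signature regardless of the filename the sender chose, walks the CFFILE table at the header's coffFiles offset to list the contained names, and flags executables inside. The two sample cabinets are constructed inside the script (one folder, stored without compression), and the extension watch-list is an assumption of the example.

```python
import struct

CAB_MAGIC = b"MSCF"               # CFHEADER signature of a Microsoft cabinet
CFHEADER_FMT = "<IIIIIBBHHHHH"   # CFHEADER fields after the 4-byte signature
CFFILE_FMT = "<IIHHHH"           # cbFile, uoffFolderStart, iFolder, date, time, attribs
# Assumed watch-list: extensions a mail gateway would refuse inside an archive.
EXECUTABLE_EXT = {".exe", ".scr", ".pif", ".com", ".bat", ".cmd", ".vbs", ".js"}


def build_cab(files):
    """Build a minimal single-folder, uncompressed CAB as constructed test input.

    `files` is a list of (name, bytes). This is sample data for the example,
    not a real spam attachment.
    """
    data = b"".join(content for _, content in files)
    cffile, uoff = b"", 0
    for name, content in files:
        cffile += struct.pack(CFFILE_FMT, len(content), uoff, 0, 0, 0, 0x20)
        cffile += name.encode("ascii") + b"\x00"   # szName is NUL-terminated
        uoff += len(content)
    coff_files = 36 + 8                            # CFHEADER + one CFFOLDER
    coff_cab_start = coff_files + len(cffile)      # first CFDATA block
    cfdata = struct.pack("<IHH", 0, len(data), len(data)) + data   # csum 0, stored
    cb_cabinet = coff_cab_start + len(cfdata)
    header = CAB_MAGIC + struct.pack(CFHEADER_FMT, 0, cb_cabinet, 0, coff_files, 0,
                                     3, 1, 1, len(files), 0, 0, 0)
    folder = struct.pack("<IHH", coff_cab_start, 1, 0)   # 1 CFDATA, tcompTYPE_NONE
    return header + folder + cffile + cfdata


def list_cab_entries(blob):
    """Return [(name, size)] from the CFFILE table; raise ValueError if not a CAB.

    Only the header offsets are trusted, and every read is bounds-checked, so a
    truncated or hostile cabinet raises instead of reading past the buffer.
    """
    if len(blob) < 36 or blob[:4] != CAB_MAGIC:
        raise ValueError("no MSCF signature")
    fields = struct.unpack_from(CFHEADER_FMT, blob, 4)
    cb_cabinet, coff_files, n_files = fields[1], fields[3], fields[8]
    if cb_cabinet > len(blob) or coff_files >= len(blob):
        raise ValueError("truncated or inconsistent CFHEADER")
    entries, pos = [], coff_files          # coffFiles already skips any reserve area
    for _ in range(n_files):
        if pos + 16 > len(blob):
            raise ValueError("truncated CFFILE table")
        cb_file = struct.unpack_from(CFFILE_FMT, blob, pos)[0]
        pos += 16
        end = blob.find(b"\x00", pos)
        if end < 0:
            raise ValueError("unterminated CFFILE name")
        entries.append((blob[pos:end].decode("latin-1"), cb_file))
        pos = end + 1
    return entries


def triage_attachment(filename, blob):
    """Classify an attachment by its content, not by the sender-chosen name."""
    if blob[:4] != CAB_MAGIC:
        return {"type": "not-cab", "entries": [], "reasons": []}
    reasons = []
    if not filename.lower().endswith(".cab"):
        reasons.append(f"CAB content under non-.cab name: {filename}")
    try:
        entries = list_cab_entries(blob)
    except ValueError as err:
        # An archive the gateway cannot parse should be held, not passed on.
        return {"type": "cab", "entries": [], "reasons": [f"malformed CAB: {err}"]}
    for name, _ in entries:
        lower = name.lower()
        ext = lower[lower.rfind("."):] if "." in lower else ""
        if ext in EXECUTABLE_EXT:
            reasons.append(f"executable inside archive: {name}")
    return {"type": "cab", "entries": entries, "reasons": reasons}


# Constructed samples: a harmless note and a spam-style "documents" cabinet.
SAMPLE_BENIGN = build_cab([("readme.txt", b"hello")])
SAMPLE_SPAM = build_cab([("documents.doc.exe", b"MZ" + b"\x90" * 30)])

if __name__ == "__main__":
    for fname, blob in [("note.cab", SAMPLE_BENIGN), ("documents.cab", SAMPLE_SPAM)]:
        print(fname, triage_attachment(fname, blob))
```

The point of the content check is that renaming the cabinet (or a ZIP) to something innocuous changes nothing about the verdict, and a cabinet the parser cannot walk is reported rather than silently passed.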
Update (JJ, 07 April 2006 22:38:43)
Subject: “Will you come to me today?”
Body:
“Hi, I'm waiting for you today, call me right before you come… By the way, in the archive I saved all necessary documents for you… You will understand what I meant, see you, bye”
The attachment is detected as WORM_ARESES.B.