This is a pretty common malspam campaign that's been seen for the past few months.
No exploits, it just requires a Windows user to save and run it. (Depending on OS version, there will be at least a few security prompts to get through in order to run local JScript.)
Right along with the "we've processed the payment for your flight on your credit card" click here.
A friend of mine noted that they had a card compromised in a recent breach, they changed it immediately of course, and then got an email with their actual old card number in it with a bogus attachment. We were tempted to let the trojan run to see what sort of group is so interested in spear phishing him but we decided to pass, we don't have a malware aquarium to run it in sadly.
5 comments
[ 0.64 ms ] story [ 34.7 ms ] thread--- Response with attachment ---
Notice to Appear,
You have a unpaid bill for using toll road. Please, do not forget to service your debt.
You can review the invoice in the attachment.
Sincerely, Joshua Mayer, E-ZPass Support.
http://pastebin.com/f8uYQDTs
http://pastebin.com/TwP9bAc4
This is a pretty common malspam campaign that's been seen for the past few months.
No exploits, it just requires a Windows user to save and run it. (Depending on OS version, there will be at least a few security prompts to get through in order to run local JScript.)
Right along with the "we've processed the payment for your flight on your credit card" click here.
A friend of mine noted that they had a card compromised in a recent breach, they changed it immediately of course, and then got an email with their actual old card number in it with a bogus attachment. We were tempted to let the trojan run to see what sort of group is so interested in spear phishing him but we decided to pass, we don't have a malware aquarium to run it in sadly.