Analysis by: Jude Bordallo

An outbreak of spammed email messages was observed, typically imageless text messages with a compressed .ZIP file attached. What is noteworthy about this particular outbreak is that both the main body of the spammed messages and the malicious attachment changed with every iteration.


One spammed message, as seen above, tried to lure the user into executing the zipped file that purportedly came from The Equinox Resort & Spa. The message begins by describing a certain transaction allegedly made by the user involving a particularly large amount. The urgency of the letter may fool the user into actually trying to claim the refund by filling out the form. Other samples contained a supposed message from MasterCard, warning users about an unauthorized transaction using their credit card. The message then advises the user to check more details in the attached archive, luring users into opening the malicious attachment.


Two other versions of this spam also surfaced: spam messages with adult content and a package delivery notification from UPS.

 SPAM BLOCKING DATE / TIME: August 03, 2011 GMT-8
 TMASE INFO
  • ENGINE:6.8
  • PATTERN:8302