A new (to me) malware spam

I haven’t seen this particular malware spam before – obviously it is not the real thing :)

Note the @nyc.gov email address.

The message path is interesting – the email *apparently* originated from nyc.gov (167.153.240.51) and was then picked up by 115.240.131.132 (obbh.com - India Delhi Rcom-wireless-1x-mumbai).

Interestingly, 167.153.240.51 does, apparently, host nyc.gov as well as nycppf.org - the host resolves as prtl-drprd-web.nyc.gov.

So, are we looking at forged headers or a problem affecting nyc.gov? Note how the dates are screwy – according to the headers the mail was sent from 167.153.240.51 on 3 August but wasn’t passed on by 115.240.131.132 until 17 August.

The attachment is definitely bad – when unzipped, the contents (a single file) have a PDF icon but are actually an EXE:
http://www.virustotal.com/file-scan/report.html?id=03bb5be0e6d29420526eb47fbed0558a0c72a9f1b6b41d1dadd280eca4a69f1f-1313626987
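The two checks described above (the out-of-order hop dates in the Received headers, and the attachment whose icon says PDF but whose bytes say EXE) are easy to automate. The following is an added example, not code from the original post; the message text is constructed to mirror the hops the post describes (the hostnames mx.example.net and victim@example.net are placeholders) and the real spam was not available to me.

```python
import re
from datetime import timedelta
from email import message_from_string
from email.utils import parsedate_to_datetime

# Constructed sample modelled on the post: Date header says 3 Aug, but the
# relay at 115.240.131.132 only accepted the mail from nyc.gov on 17 Aug.
SAMPLE = """\
Received: from [115.240.131.132] (helo=obbh.com)
    by mx.example.net with ESMTP; Wed, 17 Aug 2011 21:05:30 +0000
Received: from prtl-drprd-web.nyc.gov ([167.153.240.51])
    by 115.240.131.132 with SMTP; Wed, 17 Aug 2011 21:03:11 +0000
Date: Wed, 3 Aug 2011 09:12:44 +0000
From: "NYC.gov" <noreply@nyc.gov>
To: victim@example.net
Subject: Notice

body
"""

HOP_RE = re.compile(r"from\s+(\S+).*?by\s+(\S+)", re.S)
IP_RE = re.compile(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]")

def parse_hops(raw):
    """Return (message, hops) with hops in chronological order (oldest first)."""
    msg = message_from_string(raw)
    hops = []
    for hdr in msg.get_all("Received", []):
        clause, _, date_part = hdr.rpartition(";")   # the date follows the last ';'
        clause = " ".join(clause.split())            # unfold the header
        m = HOP_RE.search(clause)
        ip = IP_RE.search(clause)
        hops.append({"from": m.group(1) if m else "?", "by": m.group(2) if m else "?",
                     "ip": ip.group(1) if ip else None,
                     "time": parsedate_to_datetime(date_part.strip())})
    hops.reverse()  # Received headers are prepended, so the top one is newest
    return msg, hops

def find_anomalies(raw, max_gap=timedelta(days=1)):
    """Flag a Date header far older than the first relay, and hops out of order."""
    msg, hops = parse_hops(raw)
    findings = []
    sent = parsedate_to_datetime(msg["Date"])
    if hops and hops[0]["time"] - sent > max_gap:
        gap = (hops[0]["time"] - sent).days
        findings.append(f"first relay {hops[0]['by']} accepted the mail {gap} days after the Date header")
    for prev, cur in zip(hops, hops[1:]):
        if cur["time"] < prev["time"]:
            findings.append(f"hop via {cur['by']} is timestamped before the earlier hop via {prev['by']}")
    return findings

def classify_attachment(data):
    """Classify by magic bytes, never by icon or file name."""
    if data.startswith(b"MZ"):
        return "pe-executable"
    if data.startswith(b"%PDF"):
        return "pdf"
    return "other"
```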


Published Thu, Aug 18 2011 9:40 by sandi

Comments

# re: A new (to me) malware spam

Friday, August 19, 2011 2:46 PM by thomas

Curious that the nyc.gov website has no means of forwarding this spam to them, alerting them to the problem. Guess they think... It's not THEIR problem!