By Dancho Danchev
Cybercriminals continue targeting U.K based Internet users in an attempt to trick them into thinking that they’ve received a legitimate email from Vodafone U.K. We’ve intercepted two, currently circulating, malicious spam campaign that once again impersonate Vodafone U.K, this time relying on a bogus “Copy of Vodafone U.K” themed messages, the ubiquitous ‘MMS Message Received‘ campaign, as well as the most recent ‘Your Monthly Vondafone Bill is Ready‘ theme.
Sample screenshots of the spamvertised emails:
Detection rates for the spamvertised malicious attachments:
MD5: a5bdeaadb002e12a38c9d354097f9a9a – detected by 30 out of 46 antivirus scanners as Backdoor.Win32.Androm.aehi; TrojanDownloader:Win32/Dofoil.R.
MD5: 6aeacb54d57cddff1b1b39d2d3b32140 – detected by 6 out of 47 antivirus scanners as Artemis!6AEACB54D57C; UDS:DangerousObject.Multi.Generic.
MD5: 3965d6f027812306ea953dbd0ac0bce0 – detected by 6 out of 47 antivirus scanners as Heuristic.BehavesLike.Win32.ModifiedUPX.C; Trojan/Win32.Tepfer.
The last sample marks its presence on the affected systems through the following Mutexes:
All of these samples phone back to the same C&C server:
hxxp://18.104.22.168/fexco/com/index.php (37-139-47-159.clodo.ru, AS56534)
Webroot SecureAnywhere users are proactively protected from these threats.