New Classmates.com Malware Campaign
While reading through my spam folder, I found a new sample. There is a new malware sample being spread posing as a Classmates.com reunion message. The sample I have is MD5 895377d01833dfd01dfccb523b2d3026. I haven't done anything to analyze this file yet.
UPDATE: Here's a new copy of the executable: 393473bd4a1da563ec086cff7d9c50f6.
Here's the original email from my spam folder:
Received: from [126.96.36.199] by hoemail1.alcatel.com; Tue, 13 Jan 2009 18:09:56 +0100
From: "Committee members" <firstname.lastname@example.org>
To: <DANNY'S EMAIL ADDRESS>
Subject: Invitation to preview new Reunion Classmates.
Date: Tue, 13 Jan 2009 18:09:56 +0100
Message-ID: <01c975aa$23a9f200$f213024e@ytaewgjhxuob>
MIME-Version: 1.0
Content-Type: text/plain; charset="Windows-1252"
Content-Transfer-Encoding: 7bit
X-Priority: 3 (Normal)
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook, Build 10.0.2627
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.3790.2663
Importance: Normal

We are pleased to announce our Class Reunion on January 25, 2009. Please join us for a night of Glamour and Elegance as we celebrate our 2009 Year Class Reunion. We don't want to let another year go by without the opportunity for all of us to get together, reminisce about old times and learn about what our old friends have been up to.

Proceed to view Your inbox video messages - 1 message:
http://classmates.profile.OnlineServlet.user-2nnbxg4w0.scaneradobeflash.com /login_video737.htm?/logon/LOGIN=7lcy7xax88cyhg8