Because 188.8.131.52 has long been associated with malware delivery affecting all operating systems, including all versions of Windows, Linux, Mac and Android, it has been suggested to me that there is a strong possibility that there will be versions of these attacks that can and will affect any device or operating system.
I have only seen Windows malware at this time, using either Word docs or JS files.
From: Laurena Washabaugh [[email protected]]
Date: 29 January 2016 at
Subject: Quick Question
Signed by:

What's going on?
I was visiting your website on 1/29/2016 and I'm very interested.
I have heard of loads of these today all coming from random senders at
I haven’t received any personally and this one was sent to me by a friend in USA who analysed the content and got the downloaded malware.
They are using email addresses and subjects that will scare or entice a user to read the email and open the attachment.
A very high proportion are being targeted at small and medium-sized businesses, in the hope of getting a better response than they do from consumers.
Please review my CV and let me know what you think.
Most of these are more directly targeted at small businesses, charities and organisations that regularly advertise as looking for staff and/or volunteers and consequently are more likely to open the attachment without thinking and be infected.
Best regards,
-- Laurena Washabaugh

The attachment is named Resume.rtf, but it is actually a DOCX file with a malicious macro [pastebin]. The document has a VirusTotal detection rate of 9/54.
An email with the subject "Quick Question", pretending to attach a resume and coming from random senders, carries a malicious Word RTF attachment that is actually a Word DOCX file. It is another one from the current bot runs, which try to download various Trojans and password stealers, especially banking Trojans like Dridex or Dyreza, and ransomware like CryptoLocker or TeslaCrypt.
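The mismatch described above (an attachment named Resume.rtf that is really a DOCX carrying a macro) can be caught at a mail gateway by inspecting the content rather than trusting the filename. The following Python is an added example, not code from the original post; the function names, the EXPECTED policy table and the in-memory sample are constructed for illustration.

```python
import io
import zipfile

RTF_MAGIC = b"{\\rtf"
ZIP_MAGIC = b"PK\x03\x04"
# Container each claimed extension should really hold (assumed policy table)
EXPECTED = {"rtf": "rtf", "docx": "ooxml", "docm": "ooxml"}


def zip_names(data: bytes) -> list:
    """Return member names of a ZIP held in memory, or [] if it will not parse."""
    try:
        with zipfile.ZipFile(io.BytesIO(data)) as zf:
            return zf.namelist()
    except zipfile.BadZipFile:
        return []


def sniff_container(data: bytes) -> str:
    """Identify the real container from content, ignoring the filename."""
    if data.startswith(RTF_MAGIC):
        return "rtf"
    if data.startswith(ZIP_MAGIC):
        return "ooxml" if "[Content_Types].xml" in zip_names(data) else "zip"
    return "unknown"


def triage_attachment(filename: str, data: bytes) -> dict:
    """Flag an extension/content mismatch and an embedded VBA project."""
    claimed = filename.rsplit(".", 1)[-1].lower() if "." in filename else ""
    actual = sniff_container(data)
    mismatch = claimed in EXPECTED and EXPECTED[claimed] != actual
    # Macro-bearing OOXML files keep their VBA in a part named vbaProject.bin
    has_vba = any(n.lower().endswith("vbaproject.bin") for n in zip_names(data))
    verdict = "quarantine" if (mismatch or has_vba) else "pass"
    return {"claimed": claimed, "actual": actual, "mismatch": mismatch,
            "has_vba": has_vba, "verdict": verdict}


def build_sample(with_macro: bool) -> bytes:
    """Constructed sample: OOXML-shaped ZIP with placeholder parts only."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("[Content_Types].xml", "<Types/>")
        zf.writestr("word/document.xml", "<w:document/>")
        if with_macro:
            zf.writestr("word/vbaProject.bin", b"placeholder, not real VBA")
    return buf.getvalue()
```

Calling `triage_attachment("Resume.rtf", build_sample(with_macro=True))` reports an OOXML container behind an `.rtf` name, with a VBA part present.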
However, JavaScript is cross-browser and cross-operating-system, so be very careful and do not open any attachments on any device.
Update 1 February 2016: I have now received 1 copy directly today sent to an email account associated with a charity that I manage the website for.