Lawsuit notice: Social Engineering Attack

Yesterday, I got an email saying some company had filed a lawsuit against me in court, with a link to download a Word file supposedly containing copyright law violations.
As expected, it turned out to be a very sophisticated social engineering attack. When I downloaded the file and scanned it on VirusTotal, very few antivirus products were able to detect it.
I thought of analysing it today and guess what: my Microsoft Security Essentials, which had no clue yesterday about the suspicious .doc file, has detected it as a trojan dropper malware and removed it. Damn, I should have taken a backup of it :(

Security Essentials detecting malware

Anyway, the following are some of the surface details about the piece of malware.

File size : 76827 bytes
File type : Rich Text Format data, version 1, ANSI
MD5       : 6db76304a2aff6bef94364b86abd8b7f
SHA1      : 14451211a50d6ef71b4c2a24601607471f52a7ef

The malware is also named as:

  • Mal/RtfExe-A
  • RTF.EmbedEXE.Gen
  • TR/Dropper.Gen
  • Trojan.Dropper.Gen
  • Suspicious.Insight
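
The surface details above can be collected with a short triage script. The following is an added example, not part of the original post and not a reconstruction of the actual sample: it reports size, hashes and file type, and applies a heuristic for a hex-encoded executable inside an RTF object, which is what detection names such as RTF.EmbedEXE.Gen suggest. The function names, the heuristic and the inert sample are assumptions made for illustration.

```python
import binascii
import hashlib
import re

POST_MD5 = "6db76304a2aff6bef94364b86abd8b7f"  # hash given in this post
HEX_RUN = re.compile(rb"[0-9a-fA-F\r\n ]{128,}")  # long hex dump, as in \objdata
DOS_STUB = b"This program cannot be run in DOS mode"


def has_hex_encoded_pe(data: bytes) -> bool:
    """Heuristic: decode long hex runs and look for an MZ header with DOS stub."""
    for run in HEX_RUN.finditer(data):
        digits = re.sub(rb"[\r\n ]", b"", run.group())
        for offset in (0, 1):  # the run may begin in the middle of a byte
            chunk = digits[offset:]
            decoded = binascii.unhexlify(chunk[: len(chunk) // 2 * 2])
            if b"MZ" in decoded and DOS_STUB in decoded:
                return True
    return False


def triage(data: bytes, filename: str) -> dict:
    """Surface details (size, type, hashes) plus embedded-executable indicators."""
    md5 = hashlib.md5(data).hexdigest()
    is_rtf = data.lstrip()[:5].lower() == b"{\\rtf"
    return {
        "size": len(data),
        "md5": md5,
        "sha1": hashlib.sha1(data).hexdigest(),
        "matches_post_hash": md5 == POST_MD5,
        "is_rtf": is_rtf,
        # Word opens RTF content even when the file is named .doc
        "rtf_named_doc": is_rtf and filename.lower().endswith(".doc"),
        "has_objdata": b"\\objdata" in data.lower(),
        "embedded_pe": has_hex_encoded_pe(data),
    }


# Constructed, inert sample: an RTF wrapper around the hex of a fake PE header.
FAKE_PE = b"MZ" + b"\x90" * 58 + DOS_STUB + b".\r\r\n$" + b"\x00" * 16
SAMPLE = b"{\\rtf1\\ansi{\\object\\objemb{\\*\\objdata " + binascii.hexlify(FAKE_PE) + b"}}}"

if __name__ == "__main__":
    for key, value in triage(SAMPLE, "sample.doc").items():
        print(f"{key}: {value}")
```

A clean result from this heuristic does not mean a document is safe; it only covers the plain hex-encoded case.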

Please don’t fall prey to such emails. Do not download and open documents received from unknown or untrusted sources.

If you find this file (r439875.doc) on your system, then:

  • Delete the file
  • Scan your computer with updated anti-virus software.
  • Update MS Word and install the latest patches.

The following is the email used in the social engineering attack.

March 25, 2010
Marcus Law Center
350 Broadway, Suite 300
New York, NY 10013

To Whom It May Concern:

On the link bellow is a copy of the lawsuit that we filed against you in court on March 15, 2010.
Currently the Pretrail Conference is scheduled for April 15th, 2010 at 10:00 A.M. in courtroom #12.
The case number is 3478254. The reason the lawsuit was filed was due to a completely inadequate response
from your company for copyright infrigement that our client Danilison Inc is a victim of.
http://www.marcuslawcenter.com/s/r439875.doc [removed]

Danilison Inc has proof of multiple Copyright Law violations that they wish to present in court on April 15th, 2010.

Sincerely,
Marcus Law Center
Marcus Law Center LLP

References:

  1. Virus Total Result

This entry was posted on Friday, March 26th, 2010 at 1:14 am and is filed under Information Security, Malware analysis, Virus Signature.