Action Required – Time Sensitive Material (

We analyzed the following malicious attachment, which was used in theme spam on February 12, 2013:

Spam Subject:
Action Required – Time Sensitive Material
From Address:
“Unemployment” <>

Spam Template:

Action Required

MD5: dd28a6cc3df2b1608dc15a4b397013b4
Size: 102,170 bytes

The Pony downloader posts to its dropzone at hxxp:// hosted at IP address It was also configured to download 3 Gameover Zeus payloads from the following locations:
1. hxxp://
2. hxxp://
3. hxxp://
Gameover installed to %APPDATA%\Ixra\osso.exe and had the following file properties:

File: oss.exe
Size: 309,760 bytes
MD5: 93e6daf13f5239af3d7a44ecfee1b3c5
Time-Stamp: 2013-02-05 20:09:27
This Gameover Zeus variant posts to a dropzone at Webinjects were downloaded from The Gameover variant had a botid of “bofaf12” and cid of 5555.

The following P2P drones were found embedded inside the installed Gameover Zeus payload:


One Comment

  1. Posted April 22, 2013 at 6:48 pm

    I don’t know whether it’s just me or if perhaps everybody else is encountering issues with your
    website. It appears like some of the written text in your content is running off
    the screen. Can somebody else please provide feedback and let me know if this is happening
    to them too? This could be an issue with my web browser because I’ve had this happen before. Appreciate it

    A website on technology: iFinity wireless speakers
