Starting today, we’ve begun to see a resurgence of this tactic, but this new variant spoofs the Department of Justice. This department had not been one of the spoof targets of the previous spam runs. Below is a redacted screenshot of the new scam (from F-Secure):
As you can see from the above screenshot, the message has an attachment named complaint.zip, which contains the malware payload. A couple of similarities in social engineering tactics between this scam and the previous scams from this summer are the inclusion of the name of the person and the name of the company that the message is being sent to. You’ll notice from the screenshot that there are also grammatical errors and misspellings.
Volumes of this scam have been pretty low, on the order of a few hundred being seen by our Threat Operations Center per hour. There is no information yet as to specific targeting of this scam. This post will be updated as more information becomes available.
