Two Viral Samples (Oct 10, 2014) Kuluoz / BCUZ / Asprox / Zortob / Kuluo / Zbot / Aspxor


Here's a couple more "notice to appear" files:

https://www.virustotal.com/en/file/ac757dbceb00337faff1d44e7385ab223c1fc28035fe58be3997ede9fd25bda3/analysis/1412979983/

https://www.virustotal.com/en/file/31267d898c2dd85110e678f0f91be5996c21ba1845eca73881c8fc8a9ed169fe/analysis/1412983728/

Download your copies here:

http://filepost.com/files/eb1med74/Note_9584_copy.rar/

The detection ratios for them are 27/55 and 37/55.

One of them came in Wed. Oct 8 / 7 pm, the other at 1 am today.

VT hadn't seen these before I uploaded them.

Identified variously as:

Kuluoz
BCUZ
Asprox
Zortob
Kuluo
Aspxor
Picsys
Zbot

(when in doubt, call it Zbot I guess...)

Sending IPs:

70.97.1.181
70.114.178.120

Return-Paths: (which I know are just creative garbage)
  operatorNNN@lawyersinthecloud.com
  referenceNNN@lawyerscfo.com

Trend with this campaign is that Subject is always "Notice to appear"
and return-path always contains "lawyers" in the domain.
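
The two traits reported above (Subject "Notice to appear", "lawyers" in the Return-Path domain) can be checked together on raw messages at a mail gateway. This is an added example, not part of the original post; the function names, the substring matching, and the sample messages are assumptions constructed for illustration.

```python
import email
import re
from email import policy
from email.utils import parseaddr

# The two traits the post reports for this campaign.
SUBJECT_RE = re.compile(r"notice to appear", re.IGNORECASE)
DOMAIN_KEYWORD = "lawyers"

def return_path_domain(msg):
    """Lower-cased Return-Path domain; '' when missing or the null path <>."""
    _, addr = parseaddr(str(msg.get("Return-Path", "")))
    return addr.rpartition("@")[2].lower() if "@" in addr else ""

def campaign_indicators(raw):
    """Return the list of campaign traits found in one raw RFC 5322 message."""
    # policy.default decodes RFC 2047 encoded-words and unfolds headers.
    msg = email.message_from_bytes(raw, policy=policy.default)
    hits = []
    if SUBJECT_RE.search(str(msg.get("Subject", ""))):
        hits.append("subject")
    if DOMAIN_KEYWORD in return_path_domain(msg):
        hits.append("return-path")
    return hits

def matches_campaign(raw):
    """Flag only when both traits are present, to limit false positives."""
    return campaign_indicators(raw) == ["subject", "return-path"]

# Constructed sample messages (not taken from the original post).
SAMPLES = {
    "plain": b"Return-Path: <operator123@lawyersinthecloud.com>\r\n"
             b"Subject: Notice to appear\r\n\r\nbody\r\n",
    "encoded": b"Return-Path: <reference456@LawyersCFO.com>\r\n"
               b"Subject: =?UTF-8?B?Tm90aWNlIHRvIGFwcGVhcg==?=\r\n\r\nbody\r\n",
    "subject_only": b"Return-Path: <clerk@court.example>\r\n"
                    b"Subject: Notice to appear\r\n\r\nbody\r\n",
    "null_path": b"Return-Path: <>\r\nSubject: Lunch on Friday\r\n\r\nbody\r\n",
}

if __name__ == "__main__":
    for name, raw in SAMPLES.items():
        print(name, campaign_indicators(raw), matches_campaign(raw))
```

Requiring both traits keeps a genuine court notice, or an unrelated mail from a law firm, from being flagged on one trait alone.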
