Login   |   Secure Purdue > News

Malicious email alert: "Voice Message from Unknown [random number]"

STEAM-ADVISORY NO. 2013102301
PURDUE UNIVERSITY SECURITY STEAM-CIRT
Wednesday, October 23, 2013 13:00:00 EDT

==OVERVIEW==

Email containing malicious .zip attachment with .exe application file.
The application is suspected to contain Cryptoware/Ransomware.

==SYSTEMS AFFECTED==

Purdue users, mostly targeted at employees. The malware aimed at
Windows systems.

==DETAILS==

Another instance of spam emails containing malware infected .zip
attachments has recently been distributed amongst Purdue users.

The attachment name is VoiceMessage.zip
The subject is "Voice Message from Unknown [random number]."
The sender is spoofing a Purdue address of voice3@purdue.edu.

If you have received this email, please ignore and delete.

==SOLUTIONS==

A sample of the malware was sent to McAfee. They provided us with an
Extra.DAT file which has been pushed out via ePO.

Ignore or delete the email. If any user has taken any action to open
the contents of the attachment, assume the machine is compromised and
disconnect it from the network. Please contact us if that user has
access to any sensitive or restricted data. If not, please reimage
their workstation and have the user reset their password and challenge
questions.

==FURTHER INFORMATION AND RESOURCES==

w w w.purdue.edu/securePurdue/news/2013/recent-spam-emails-containing-malware-loaded-attachements.cfm
(remove spaces from links)

==STEAM-CIRT CONTACT INFORMATION==

For questions concerning this advisory, please send email to:
itap-securityhelp@purdue.edu.

Report computer-related abuse to STEAM-CIRT:
w w w.purdue.edu/securePurdue/incidentReportForm.cfm
w w w.purdue.edu/securepurdue/steam
(remove spaces from links)

Posted by ITSP on October 23, 2013, in Advisory Alerts.