Cisco Security Intelligence Operations has detected significant activity related to spam e-mail messages that claim a video associated with the recipient may contain illegal (copyright-infringing) content. The text of the e-mail message attempts to convince the recipient to open the attachment to view the details of the claim. However, the .zip attachment contains a malicious .exe file that, when executed, attempts to infect the system with malicious code.
Your video may have content that is owned or licensed by Music Publishing Rights Collecting Society.
No action is required on your part; however, if you are interested in learning how this affects your video, please open attached file with Content ID Matches section of your account for more information.
– The YouTube Team
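As an added example that is not part of the Cisco alert, the following PowerShell function inspects a .zip attachment that has been saved to disk and reports any archive member with an executable extension, which is the delivery pattern described above (an .exe hidden inside a .zip). The quarantine folder path and the extension list are assumptions chosen for illustration.

```powershell
# Added example (not from the Cisco alert): list members of a .zip attachment whose
# extension is executable, the pattern used by the "infringing video" lure above.
Add-Type -AssemblyName System.IO.Compression.FileSystem

function Test-SuspiciousZipAttachment {
    param(
        [Parameter(Mandatory)] [string] $Path,
        # assumed list of extensions worth flagging; extend to match local policy
        [string[]] $ExecutableExtensions = @('.exe', '.scr', '.com', '.pif', '.bat', '.cmd', '.js', '.vbs')
    )
    $findings = @()
    $zip = [System.IO.Compression.ZipFile]::OpenRead($Path)
    try {
        foreach ($entry in $zip.Entries) {
            # GetExtension returns the last extension, so "video.avi.exe" is still caught
            $ext = [System.IO.Path]::GetExtension($entry.Name).ToLowerInvariant()
            if ($ExecutableExtensions -contains $ext) {
                $findings += [pscustomobject]@{
                    Archive   = $Path
                    Member    = $entry.FullName
                    Extension = $ext
                    Size      = $entry.Length
                }
            }
        }
    } finally {
        $zip.Dispose()
    }
    return $findings
}

# Usage: scan every .zip held in a mail-gateway quarantine folder (hypothetical path)
Get-ChildItem -Path 'C:\Quarantine' -Filter '*.zip' -Recurse | ForEach-Object {
    Test-SuspiciousZipAttachment -Path $_.FullName
} | Format-Table -AutoSize
```

The function only reads the central directory of the archive and never extracts or runs any member, so it is safe to run over quarantined samples; a non-empty result is a reason to keep the message blocked and hand the sample to analysis.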
E-mail messages that are related to this threat (RuleID4583 and RuleID4583KVR) may contain the following files:
Fake Infringing Video Content E-mail Messages on
The Andromeda bot is able to download additional malware and to spy on data.
This sample sends data to the following IP:
The following autostart entry is created:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run
C:\DOCUME~1\ALLUSE~1\LOCALS~1\Temp\msyygru.bat
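The Policies\Explorer\Run key is a less commonly reviewed autostart location than the ordinary Run key. As an added example that is not part of the Cisco alert, the PowerShell function below enumerates that key in both HKLM and HKCU and flags values that launch something from a Temp folder, from a short-name (DOCUME~1) path, or a .bat file, which is the shape of the entry listed above. The heuristics are assumptions chosen for illustration, not an official indicator list.

```powershell
# Added example (not from the Cisco alert): audit the Policies\Explorer\Run autostart key
# and flag entries that resemble the persistence described in the alert.
function Get-PolicyRunEntries {
    $keys = @(
        'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run',
        'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run'
    )
    foreach ($key in $keys) {
        if (-not (Test-Path $key)) { continue }
        $props = Get-ItemProperty -Path $key
        foreach ($p in $props.PSObject.Properties) {
            # Get-ItemProperty adds PSPath/PSParentPath/... metadata; skip those
            if ($p.Name -like 'PS*') { continue }
            $cmd = [string]$p.Value
            # assumed heuristics: Temp folder, 8.3 short-name profile path, or a .bat launcher
            $suspicious = ($cmd -match '\\Temp\\') -or
                          ($cmd -match '\\DOCUME~1\\') -or
                          ($cmd -match '\.bat("|\s|$)')
            [pscustomobject]@{
                Key        = $key
                ValueName  = $p.Name
                Command    = $cmd
                Suspicious = $suspicious
            }
        }
    }
}

# Usage: show only the entries that match the heuristics
Get-PolicyRunEntries | Where-Object Suspicious | Format-Table -AutoSize
```

Run the function before and after a suspected infection, or feed its output to an endpoint inventory, so that a newly created value under this key stands out even when the launcher file itself has already been removed.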