.CAB Malicious Email Attachments Being Sent by Cybercriminals

Comments: 1
Views: 65
Save
Updated: Feb. 20, 2020 2020-02-20T14:38:09
Posted: Jun. 18, 2019 2019-06-18T18:17:08
Online Threat Alerts (OTA)

Online users who have received unexpected email messages with attached files with names ending with .cab are asked not to open them. This is because the attachments are compressed files that may contain malware, malicious programs or viruses. And, any attempt to open the malicious attachments will result in the recipients getting their computers infected with a virus, Trojan horse, spyware, ransomware or other malware.

.CAB Malicious Email Attachments Being Sent by Cybercriminals

A Malicious .CAB Email Message

P.O. FOR 1 D-M MDC

Tue 6/18/2019 5:49 PM

From: Dinesh Padave | ARCPL - dinesh.p@amiriddhient.com

Attachment: PO- FOR 1 D-M MDC-PDF.cab (936 KB)

Dear sir,

PFA P.O. for 1 D-M MDC & email us invoice for the same soonest

Best Regards,

Dinesh Padave

Sr. General Manager - Logistics

Description: Description: Description: logos 2 & Description: Description: Description: bhavik chem 2

Admin & Correspondence Address:-

Office No. 16, 2nd Floor, Building B-1, Laxmi Nivas CHS Ltd, Pai Nagar, S.V. Road,

Borivali (West), Mumbai – 400092.

Boardline: 022-46123000

Direct: 022-46123014/15

Fax: 022-46123012

Email ID: dinesh.p@amiriddhient.com / info@amiriddhient.com

Cyber criminals usually store their malware in compressed files to help prevent antivirus software from detecting them. In other words, they do it because the compressed malicious email attachments may bypass the recipients' antivirus software.

What is a .CAB file?

Cabinet is an archive-file format for Microsoft Windows that supports lossless data compression and embedded digital certificates used for maintaining archive integrity. Cabinet files have .cab filename extensions and are recognized by their first 4 bytes MSCF. Cabinet files were known originally as Diamond files

Check the comment section below for additional information, share what you know, or ask a question about this article by leaving a comment below. And, to quickly find answers to your questions, use our search

engine.

Note: Some of the information in samples on this website may have been impersonated or spoofed.

Was this article helpful? +

Yes (1)
No (0)

Share this with others:

Donate Help maintain Online Threat Alerts (OTA) by clicking here.

The comments, reviews or answers below do not necessarily reflect the views of Online Threat Alerts (OTA).

June 18, 2019 at 6:40 PM by info
"Re: F.O.A 123/62-18/AD/2019 Supply
Tue 6/18/2019 6:38 PM
From: "Sales" - rey@reyzzz.club
Attachment: P0#6475663.cab (934 KB)
Dear Sir,
Please find the attached Signed & Stamped Purchase Order for P0#6475663 attached.. For further inquiry please don't hesitate to contact us. With regards, AL IHTIMAM GENERAL TRANSPORTING ESTABLISHMENT Tel: 02-5516009, Fax: 02-5516009, Mob: 054-3088711 P Consider the environment. Please don't print this e-mail unless you really need to. Disclaimer: This email and any files transmitted with it are confidential and intended solely for the use of the individual or entity to whom they are addressed.
Kindly don’t print it unless it is highly needed. If you have received this email in error you should not disseminate, distribute or copy this e-mail and please notify the sender immediately by e-mail. If you are not the intended recipient you are notified that disclosing, copying, distributing or taking any action in reliance on the contents of this information is strictly prohibited."
Here is another scam.
remove