Tuesday, November 28, 2017

Anko Ship / export inquiry (Virus)

Dear sir/Madam

Thank you for doing business with us in the past. My name is Tonia and I am representing Anko Ship & Export. Please find attached our updated company profile with required technical details and contract terms for attached inquiry.

Please review the contract and also quote your best quote and payment terms.

Thanks and kind regards.

Mrs Tonia

Anko inquiry 1511855105.jar
ANKO DOC.rar

File analysis (Virus) :

Anko inquiry 1511855105.jar

Baidu : Java.Trojan.Agent.a
Cyren : Java/Agent.BEL
F-Prot : Java/Agent.BEL
Ikarus : Win32.Outbreak

ANKO DOC.rar :

Baidu : Java.Trojan.Agent.a
Cyren : Java/Agent.BEL
F-Prot : Java/Agent.BEL
Ikarus : Win32.Outbreak
Sophos AV : Mal/DrodZp-A

Email analysis :

NOTE : import@bondagency.com
NOTE : User-Agent : Roundcube Webmail/1.2.7
NOTE : Received : from pleskbusinessweb.if1.housing.ehiweb.it
NOTE : (pleskbusinessweb.if2.housing.ehiweb.it [79.98.45.57])

Thursday, March 16, 2017

From Lady Rossi Please.

From Lady Rossi Please.

Am Rossi Robertson, I have been suffering from ovarian cancer disease. I am partly Burkina, and partly Indonesia. but based in Burkina Faso, Africa since ten years ago as a business woman dealing with cocoa exportation, now that I am about to end the race like this, without any family members and no child. I have $1 Million US DOLLARS in BCB BANK. here in Burkina Faso. which I instructed the bank to give African union leaders to help sick people around Africa. But my mind is not at rest because of that I am writing this letter now through the help of my Doctor beside me here in my hospital room. I also have $4.5 Million US Dollars in Bank Of Africa Burkina Faso,

Which I want you to claim from the bank and use it to help less privilege people in your country, but you must assure me that you will take only 40% of the total money and give the rest 60% to the orphanage home in your country, for my heart to rest. Upon the receipt of your email that you are willing and capable to execute my plan, I will instruct the bank Management to make an immediate transfer into your account.

Furthermore as soon as you receive the message reply me with your personal information and you will also send me a copy id to forward to them so that they will take note that you are the person I am willing my wealth;

Sincerely,
Ms. Rossi Robertson.

Email analysis :

NOTE : rosyrobersy011@gmail.com
NOTE : rosi.robertson@gmail.com
NOTE : X-Yahoo-Newman-Property : ymail-3
NOTE : client-ip=212.82.96.231;

Saturday, October 31, 2015

COLLABORATION

Good morning

I come by this e-mail to send my best greetings in first and then you have my excuses for this unexpected contact. But imagine with me that it is being given the urgency and the importance of this agreement. Indeed, I work with a group of miners of Ghana, which currently has a gold quantity which they want to sell immediately. It is approximately 89 kilos from a bar from gold, 22 carats+ in 28 000 dollars on a kilo. Moreover, I must say that we do not have yet the official documents with the gold export. Therefore, I come by this e-mail to contact you and to see whether you are interested in this product.

Hoping to have your news soon, please accept my best greetings.

Bidi NAA SARKU.

Hello

I am writing this email first to send my best greetings and then to offer my apologies for this unexpected contact. But please understand that it is due to the urgency and importance of this deal. Indeed, I work with a group of miners from Ghana, who currently have a quantity of gold that they want to sell immediately. It is about 89 kilos of gold bars, 22 carats+ at 28,000 dollars per kilogram. Furthermore, I must say that we do not yet have the official documents for gold export. So I am writing this email to contact you and to see whether you are interested in this product.

Hoping to hear from you soon, please accept my best greetings.

Bidi NAA SARKU.

Email analysis :

NOTE : bidi.naasarku@gmail.com
NOTE : Return-Path : < cuongtq.qld@moh.gov.vn >
NOTE : X-Originating-Ip : [41.86.234.165]
NOTE : X-Virus-Scanned : amavisd-new at moh.gov.vn
NOTE : Content-Transfer-Encoding : quoted-printable
NOTE : X-Mailer : Zimbra 8.0.6_GA_5922 (zclient/8.0.6_GA_5922)
NOTE : Thread-Topic : COLLABORATION
NOTE : Message-Id : < *.*.*.JavaMail.zimbra@moh.gov.vn >
NOTE : Content-Type : text/plain; charset=utf-8
NOTE : Received : from unknown (HELO mail.moh.gov.vn) (103.1.210.45)
NOTE : Received : from localhost (localhost [127.0.0.1])
NOTE : by mail.moh.gov.vn (Postfix)
NOTE : Received : from mail.moh.gov.vn ([127.0.0.1])
NOTE : by localhost (mail.moh.gov.vn [127.0.0.1])
NOTE : Received : from localhost (localhost [127.0.0.1])
NOTE : by mail.moh.gov.vn (Postfix)
NOTE : Received : from mail.moh.gov.vn ([127.0.0.1])
NOTE : by localhost (mail.moh.gov.vn [127.0.0.1])
NOTE : Received : from mail.moh.gov.vn (mail.moh.gov.vn [103.1.210.45])
NOTE : by mail.moh.gov.vn (Postfix)

Analysis of the scam :

The mail server of the Vietnamese Ministry of Health (mail.moh.gov.vn) seems compromised: it relays the scam, which was submitted from 41.86.234.165 (the X-Originating-Ip value). The compromised account is the user cuongtq.qld, whose address appears in the Return-Path.
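
The header reasoning above, as an added example that is not part of the original post: a Python sketch that rebuilds a message from the header values quoted in the notes and derives the same conclusions from them. Treating the unlabelled gmail.com address as the From header is an assumption, and the masked Message-Id is left out.

```python
import email
import re
from email.utils import parseaddr

# Constructed sample: header values are the ones quoted in the notes above.
# ASSUMPTION: the unlabelled gmail.com address is used as the From header.
RAW = """\
Return-Path: <cuongtq.qld@moh.gov.vn>
Received: from unknown (HELO mail.moh.gov.vn) (103.1.210.45)
Received: from localhost (localhost [127.0.0.1])
\tby mail.moh.gov.vn (Postfix)
Received: from mail.moh.gov.vn (mail.moh.gov.vn [103.1.210.45])
\tby mail.moh.gov.vn (Postfix)
From: bidi.naasarku@gmail.com
X-Originating-Ip: [41.86.234.165]
X-Mailer: Zimbra 8.0.6_GA_5922 (zclient/8.0.6_GA_5922)
Thread-Topic: COLLABORATION

Good morning
"""

IPV4 = r"\d{1,3}(?:\.\d{1,3}){3}"

def domain(addr):
    """Lower-cased domain part of an address header value."""
    return parseaddr(addr)[1].rpartition("@")[2].lower()

def analyse(raw):
    msg = email.message_from_string(raw)
    envelope = domain(msg.get("Return-Path", ""))
    contacts = {domain(v) for h in ("From", "Reply-To")
                for v in msg.get_all(h, [])}
    # Every bracketed or parenthesised IPv4 address in the Received chain.
    hops = [ip for r in msg.get_all("Received", [])
            for ip in re.findall(r"[\[(](" + IPV4 + r")[\])]", r)]
    origin = re.search(IPV4, msg.get("X-Originating-Ip", ""))
    origin_ip = origin.group(0) if origin else None
    findings = []
    # Replies would go to a different domain than the one that sent the mail.
    if envelope and contacts - {envelope}:
        findings.append("contact-domain-differs-from-envelope")
    # The webmail client's IP never appears as an SMTP hop: the message was
    # submitted through an authenticated account, not relayed from outside.
    if origin_ip and origin_ip not in hops:
        findings.append("webmail-submission-from-outside-relay-path")
    return {"account": parseaddr(msg.get("Return-Path", ""))[1],
            "relay_ips": sorted({ip for ip in hops if not ip.startswith("127.")}),
            "origin_ip": origin_ip, "findings": findings}

if __name__ == "__main__":
    print(analyse(RAW))
```
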