Virus scam in the name of the Netflix team.
If you are active on YouTube, you might get one of these messages telling you that you can participate in a promotion and earn loads of dollars.
If you respond to the email, then you will get an answer, usually with a link to some “promotion files”.
> Hello, we are the Netflix team.
> Your YouTube channel is perfect for promoting our brand, so we’d like
> to work with you.
> Netflix is an entertainment company, streaming film and series service.
> It produces its own films and series, including animated ones,
> What do you think of this offer?
> We make the following request to you.
What is in the files?
The best reaction is to just delete the email and not respond at all. But I was curious, as always, and downloaded the file in a Linux virtual machine. What we get is a ZIP file. The ZIP file is around 7 MB, but its content is much larger once you extract it. This is mainly to prevent the files from being checked by online antivirus tools like “VirusTotal”, which have a file size limit.
The file is also password-protected, to prevent your local virus scanner from scanning its contents.
OK, let’s extract the files. Fortunately there is also a smaller file, which can be checked easily with “VirusTotal”. The result is as expected: it contains malware. Interestingly enough, the original file name was “Lenovo Premium contract docx.exe”, which means the files are used for different versions of the scam mails.
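
The three traits described above (a small archive that unpacks to something much larger, password protection, and an executable named like a document) can be checked from the archive's file listing without extracting anything, because ordinary ZIP password protection leaves that listing readable. The sketch below is an added example, not code from the original post; the extension lists, the `max_ratio` threshold and the function names are assumptions, and the sample archive is constructed from harmless zero bytes.

```python
import io
import zipfile
from pathlib import PurePosixPath

# Assumed lists for illustration; extend them to suit your environment.
EXECUTABLE_EXT = {".exe", ".scr", ".com", ".bat", ".cmd", ".msi", ".js", ".vbs", ".lnk"}
DOCUMENT_WORDS = {"doc", "docx", "pdf", "xls", "xlsx", "txt"}

def triage_zip(source, max_ratio=20.0):
    """Read only the ZIP central directory; nothing is extracted or executed."""
    findings = []
    with zipfile.ZipFile(source) as zf:
        for info in zf.infolist():
            if info.is_dir():
                continue
            path = PurePosixPath(info.filename)
            if info.flag_bits & 0x1:  # general-purpose bit 0: entry is encrypted
                findings.append((path.name, "encrypted"))
            # Padding shows up as a tiny compressed size for a huge file.
            if info.compress_size and info.file_size / info.compress_size > max_ratio:
                findings.append((path.name, "inflated"))
            if path.suffix.lower() in EXECUTABLE_EXT:
                findings.append((path.name, "executable"))
                # "docx.exe" or ".docx.exe": a document word right before the suffix.
                words = path.stem.lower().replace(".", " ").split()
                if words and words[-1] in DOCUMENT_WORDS:
                    findings.append((path.name, "document-lookalike"))
    return findings

def build_sample():
    """Constructed, harmless sample: zero bytes under the file name from the post."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        zf.writestr("Lenovo Premium contract docx.exe", b"\0" * 2_000_000)
        zf.writestr("readme.txt", b"constructed sample, not malware")
    raw = bytearray(buf.getvalue())
    # zipfile cannot write encrypted entries, so set the encryption bit by hand
    # in each central directory header (signature PK\x01\x02, flags at offset 8).
    pos = raw.find(b"PK\x01\x02")
    while pos != -1:
        raw[pos + 8] |= 0x1
        pos = raw.find(b"PK\x01\x02", pos + 4)
    return io.BytesIO(bytes(raw))

if __name__ == "__main__":
    for name, finding in triage_zip(build_sample()):
        print(f"{finding:20} {name}")
```

`triage_zip` also accepts a file path, so it can be pointed at a downloaded archive inside the analysis VM.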