
Friday, 2 September 2011

Increase in malicious spam



Rodel Mendrez from M86 Security Labs has written an excellent post on a massive rise in malicious spam:

http://labs.m86security.com/2011/08/massive-rise-in-malicious-spam/





As he notes in his conclusion, "It seems spammers have returned from a holiday break and are enthusiastically back to work."





So I decided to check out if I had received some spam as well. Jackpot ;-) !






UPS notification























































Re: End of July Statement Required









Your credit card has been blocked











ACH Transfer Review







Most of the files display a Word or PDF icon to trick the user into opening the file:







Some examples of attachments, with their respective VirusTotal results:



Invoice_08.17.2011_Collcod.exe

MD5: cf0397bb622e4ed9dfdeb07fcbfa9687

VirusTotal Report



MasterCard_invoce_ID73284783275943.doc.exe

MD5: 0b7eba77dd4bcea3c670c4a664e98778

VirusTotal Report



UPS_Document.exe

MD5: 17f9148b130a94ab1f50030ebbf2415a

VirusTotal Report



form-62091.exe

MD5: e18d8cb2a4264a3c559d7967b3c6ab99

VirusTotal Report
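
A mail-gateway style check for the naming trick seen in these samples, as an added example that is not part of the original post: it flags attachments whose final extension is executable, notes a decoy document extension in front of it, and catches PE files hiding behind a document name. The extension lists and function names are assumptions chosen for illustration, and the sample message is constructed.

```python
import email
from email import policy
from email.message import EmailMessage

EXECUTABLE_EXTS = {".exe", ".scr", ".pif", ".com"}      # run directly by Windows
DECOY_EXTS = {".doc", ".docx", ".pdf", ".xls", ".rtf"}  # what the icon pretends to be

def inspect_attachment(filename, payload):
    """Return the reasons an attachment looks like a disguised executable."""
    # Windows ignores trailing dots and spaces, so strip them before splitting.
    exts = ["." + p for p in filename.rstrip(" .").lower().split(".")[1:]]
    last = exts[-1] if exts else ""
    reasons = []
    if last in EXECUTABLE_EXTS:
        reasons.append("executable extension " + last)
        if len(exts) > 1 and exts[-2] in DECOY_EXTS:
            reasons.append("decoy extension " + exts[-2] + " before it")
    elif payload[:2] == b"MZ":  # PE files start with "MZ" whatever the name says
        reasons.append("PE header behind a non-executable name")
    return reasons

def scan_message(raw_bytes):
    """Map attachment name -> reasons, for each suspicious attachment in a message."""
    msg = email.message_from_bytes(raw_bytes, policy=policy.default)
    findings = {}
    for part in msg.iter_attachments():
        name = part.get_filename() or ""
        reasons = inspect_attachment(name, part.get_payload(decode=True) or b"")
        if reasons:
            findings[name] = reasons
    return findings

def build_sample():
    """Constructed test message; payloads are harmless placeholder bytes."""
    msg = EmailMessage()
    msg["Subject"] = "Your credit card has been blocked"
    msg.set_content("Details are in the attached file.")
    for name, data in [
        ("MasterCard_invoce_ID73284783275943.doc.exe", b"MZ constructed"),
        ("statement.pdf", b"%PDF-1.4 constructed"),
        ("report.doc", b"MZ constructed"),
    ]:
        msg.add_attachment(data, maintype="application",
                           subtype="octet-stream", filename=name)
    return msg.as_bytes()

if __name__ == "__main__":
    for name, reasons in scan_message(build_sample()).items():
        print(name, "->", "; ".join(reasons))
```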



Opening any of these files can leave you with rogueware.

One example of rogueware I got was "System Repair":



System Repair rogueware



The dropped file that launches the rogueware:



pusk3.exe

MD5: 27077c2058983bb76bd09cdad69f7bde

Result: 36/44 (81.8%)

VirusTotal Report

ThreatExpert Report

Anubis Report







Conclusion

The conclusion is pretty simple: do not open any attachments from unknown senders.

If you happen to be infected with System Repair, you can for example use the guide on Bleepingcomputer:

http://www.bleepingcomputer.com/virus-removal/remove-system-repair