Friday, January 7, 2011

Hotfile used to spread malware

You might remember my previous post where I stated that Rapidshare is used to spread rogueware .

Exactly the same tactic is applied with Hotfile, another file hosting service.

UPDATE 13/01/2011: Spreading malware through Hotfile is still common, so to speak. I've seen a TDSS variant spreading on it with the filename "surprise.exe" VirusTotal results can be found here . RapidShare seems to be faster in cleaning up infected files.

I received an email from one of my contacts with no subject. It contained the following link:

Link from hotfile which downloads a trojan horse. Link edited for your safety.

Result: 11/41 (26.8%)
MD5: 4169dc3f5e44067435016d79336c4e1a
Anubis Report
ThreatExpert Report

After executing the file it connects to remote hosts which can download other malware.


The conclusion is actually the same as in my previous post, but I will state it once again:

You should never trust an email which has:

- only a URL included in the message
- crappy spelling and grammar if there is content in the message
- been sent out to everyone in the sender's address book
- been sent from an unknown sender
- promises you can buy something for a very cheap price
- No subject or strange subjects ( eg.: "0 enjoy yourself" )

Never reply to this kind of email, simply delete it and don't look back ;) .

If you have downloaded a program and you are unsure about its intentions, you can always upload it to VirusTotal or other online virusscanners (VirScan, Jotti). Keep in mind that if a file is not detected by any engine, it is not necessarily clean!

No comments:

Post a Comment