Friday, September 2, 2011

Increase in malicious spam

Rodel Mendrez from M86 Security Labs has made an excellent post on a Massive Rise in Malicious Spam:

As he notes in his conclusion, "It seems spammers have returned from a holiday break and are enthusiastically back to work."

So I decided to check out if I had received some spam as well. Jackpot ;-) !

UPS notification

Re: End of July Statement Required

Your credit card has been blocked

ACH Transfer Review

Most of the files display a Word or PDF icon to trick the user into opening the file.
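A Windows program carries its own icon, so the icon says nothing about the file type; a mail filter has to look at the content and the full name instead. The sketch below is an added example, not code from the original post. It assumes the attachments are Windows executables sent directly or inside a ZIP (the post does not say), and the file names and bytes in `build_sample` are constructed.

```python
import io
import zipfile
from email import message_from_bytes, policy
from email.message import EmailMessage

DOC_EXTS = (".doc", ".docx", ".pdf", ".rtf", ".xls")
EXEC_EXTS = (".exe", ".scr", ".pif", ".com")

def reasons_for(name, head):
    """Why a file is a Windows program, judged by content and by name."""
    reasons, lower = [], name.lower()
    if head[:2] == b"MZ":                       # DOS/PE header magic
        reasons.append("MZ header")
    if lower.endswith(EXEC_EXTS):
        reasons.append("executable extension")
        if lower.rsplit(".", 1)[0].endswith(DOC_EXTS):
            reasons.append("double extension")  # e.g. name.pdf.exe
    return reasons

def scan_message(raw):
    """Return [(attachment path, reasons)] for every flagged attachment."""
    findings = []
    msg = message_from_bytes(raw, policy=policy.default)
    for part in msg.iter_attachments():
        name = part.get_filename() or "(unnamed)"
        data = part.get_payload(decode=True) or b""
        members = [(name, data[:2])]
        if zipfile.is_zipfile(io.BytesIO(data)):
            with zipfile.ZipFile(io.BytesIO(data)) as zf:
                for info in zf.infolist():
                    try:  # read 2 bytes only: never inflate a whole member
                        with zf.open(info) as fh:
                            head = fh.read(2)
                    except (RuntimeError, NotImplementedError):  # encrypted/unsupported
                        head = b""
                    members.append((f"{name}!{info.filename}", head))
        findings += [(p, r) for p, h in members if (r := reasons_for(p, h))]
    return findings

def build_sample():
    """Constructed message: a ZIP holding a fake 'MZ' stub, plus a benign PDF."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("UPS_Notification.pdf.exe", b"MZ" + b"\x00" * 62)
    msg = EmailMessage()
    msg.set_content("See attached.")
    msg.add_attachment(buf.getvalue(), maintype="application", subtype="zip", filename="UPS.zip")
    msg.add_attachment(b"%PDF-1.4\n", maintype="application", subtype="pdf", filename="statement.pdf")
    return msg.as_bytes()
```

Calling `scan_message(build_sample())` flags only the executable inside the ZIP; the PDF attachment passes.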

Some examples of attachments, with their respective VirusTotal results:

MD5: cf0397bb622e4ed9dfdeb07fcbfa9687
VirusTotal Report

MD5: 0b7eba77dd4bcea3c670c4a664e98778
VirusTotal Report

MD5: 17f9148b130a94ab1f50030ebbf2415a
VirusTotal Report

MD5: e18d8cb2a4264a3c559d7967b3c6ab99
VirusTotal Report

When opening any of these files, you can end up with rogueware. One example of rogueware I got was "System Repair":

System Repair rogueware

The dropped file that is launching the rogueware:

MD5: 27077c2058983bb76bd09cdad69f7bde
Result: 36/44 (81.8%)
Anubis Report


The conclusion is pretty simple: do not open any attachments from unknown senders.
If you happen to be infected with System Repair, you can for example use the guide on Bleepingcomputer:
