At the end of October, a cybercriminal or group of cybercriminals launched three massive spam campaigns in an attempt to trick users into clicking on a deceptive link and downloading a malicious attachment. Upon execution, the malware phones back to the command and control servers operated by the party that launched it, allowing complete access to the infected PC.

This time they didn't try impersonating USPS, UPS or DHL, but FedEx.

Sample screenshot of the spamvertised email:

Second screenshot of a sample spamvertised email, again, part of the same campaign:

Third screenshot of a sample spamvertised email used in the campaign:

Sample spamvertised compromised URLs participating in the campaign:

hxxp://panexpress.es/BFLYQUDUJI.html

Sample detection rate for the first sample: MD5: 0e2e1ef473bb731d462fb1c8b3dd7089 – detected by 35 out of 46 antivirus scanners as

Upon execution, it phones back to the following URLs:

Sample detection rate for the second sample: MD5: ab25d6dbf9b041c0a7625f660cfa17aa – detected by 37 out of 46 antivirus scanners as

None of these IPs currently respond to any specific domains, besides 59.126.131.132.

Songwriter.tw is currently responding to 59.126.131.132.

The domain seems to belong to a legitimate Taiwanese songwriting company or individual, indicating that their server has been compromised and is currently used as a command and control server.

Sample detection rate for the third sample: MD5: 252c797959273ff513d450f9af1d0242 – detected by 25 out of 46 antivirus scanners as TrojanDownloader:Win32/Kuluoz.B

Webroot SecureAnywhere users are proactively protected from these threats. We'll continue monitoring the developments of the campaign, and post updates as soon as new campaigns are launched.

You can find more about Dancho Danchev at his LinkedIn Profile.
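The post's value to a defender is the indicator set it publishes: one landing URL, the command and control domain and IP, and three sample MD5s. The script below is an added example (not code from the post or from Webroot) that loads exactly those indicators, refangs the `hxxp://` notation the post uses, and sweeps constructed proxy and file-hash log lines for contact with the listed hosts or execution of the listed samples. The log format and every log line are constructed for this example; only the indicators come from the post.

```python
"""Sweep constructed proxy and hash logs for the indicators listed in the post.

Indicators (landing URL, C2 domain/IP, sample MD5s) are taken from the post.
The log format and the log lines are constructed for this example.
"""
import re
from typing import Optional
from urllib.parse import urlparse

# Indicators of compromise as published in the post.
IOC_HASHES_MD5 = {
    "0e2e1ef473bb731d462fb1c8b3dd7089",  # first sample
    "ab25d6dbf9b041c0a7625f660cfa17aa",  # second sample
    "252c797959273ff513d450f9af1d0242",  # third sample, Kuluoz.B
}
IOC_URLS_DEFANGED = {"hxxp://panexpress.es/BFLYQUDUJI.html"}
IOC_HOSTS = {"songwriter.tw", "59.126.131.132"}


def refang(url: str) -> str:
    """Turn a defanged indicator (hxxp://, [.] ) back into a real URL string."""
    url = re.sub(r"^hxxp(s?)://", r"http\1://", url, flags=re.IGNORECASE)
    return url.replace("[.]", ".").replace("(.)", ".")


def hosts_from_iocs() -> set:
    """Collect every host name or IP the post lists, including URL hosts."""
    hosts = set(IOC_HOSTS)
    for u in IOC_URLS_DEFANGED:
        hosts.add(urlparse(refang(u)).hostname.lower())
    return hosts


# Constructed proxy log format: "<timestamp> <client-ip> <method> <url> <status>"
PROXY_LINE = re.compile(r"^(\S+) (\S+) (\S+) (\S+) (\d{3})$")


def match_proxy_line(line: str, hosts: Optional[set] = None) -> Optional[dict]:
    """Return a hit record if the requested URL's host is a listed indicator."""
    hosts = hosts if hosts is not None else hosts_from_iocs()
    m = PROXY_LINE.match(line.strip())
    if not m:
        return None
    ts, client, _method, url, _status = m.groups()
    host = urlparse(url).hostname  # urlparse lowercases the host for us
    if host and host in hosts:
        return {"ts": ts, "client": client, "host": host, "url": url}
    return None


def match_hash_line(line: str) -> Optional[dict]:
    """Return a hit record if a 32-hex MD5 in the line is one of the samples."""
    for h in re.findall(r"\b[0-9a-fA-F]{32}\b", line):
        if h.lower() in IOC_HASHES_MD5:
            return {"md5": h.lower(), "line": line.strip()}
    return None


def scan(proxy_lines, hash_lines):
    """Run both matchers and return (proxy_hits, hash_hits) in log order."""
    hosts = hosts_from_iocs()
    proxy_hits = [h for h in (match_proxy_line(l, hosts) for l in proxy_lines) if h]
    hash_hits = [h for h in (match_hash_line(l) for l in hash_lines) if h]
    return proxy_hits, hash_hits


# Constructed sample input (not from the post).
SAMPLE_PROXY = [
    "2012-11-01T10:02:11Z 10.0.0.5 GET http://panexpress.es/BFLYQUDUJI.html 200",
    "2012-11-01T10:02:13Z 10.0.0.5 GET http://example.com/index.html 200",
    "2012-11-01T10:05:40Z 10.0.0.5 POST http://59.126.131.132/ 200",
    "2012-11-01T10:06:01Z 10.0.0.7 GET http://SongWriter.tw/ 404",
]
SAMPLE_HASHES = [
    "FedEx_Invoice_Copy.exe md5=0e2e1ef473bb731d462fb1c8b3dd7089",
    "setup.exe md5=d41d8cd98f00b204e9800998ecf8427e",
]

if __name__ == "__main__":
    proxy_hits, hash_hits = scan(SAMPLE_PROXY, SAMPLE_HASHES)
    for hit in proxy_hits:
        print("contact with listed host:", hit)
    for hit in hash_hits:
        print("known sample seen:", hit)
```

Host matching rather than full-URL matching is deliberate: the post notes that the C2 IP answers for more than one hostname and that a legitimate compromised domain is in use, so any request to the listed host or address is worth a look, whatever the path.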