jairobel
There is an e-mail circulating that lures users into clicking a link to see images of the rain tragedy in Santa Catarina. This is the worst kind of cracker: the kind who takes advantage of other people's misfortune to infect a computer. The subject of the message is "vídeo exclusivo desastre Santa Catarina" ("exclusive video Santa Catarina disaster") and the supposed video hides a Trojan horse.
Santa Catarina Flood Malicious Spam
Date: 12.03.2008
Threat Type: Malicious Web Site / Malicious Code
Websense® Security Labs™ ThreatSeeker™ Network has discovered a spam lure that attempts to capitalize on the recently reported natural disasters in the state of Santa Catarina, in the south of Brazil.
This campaign uses email messages that look like a news alert about the current disaster in Santa Catarina. To appear genuine, the lure includes a legitimate telephone number for donations. The messages also contain a link that appears to provide a video of the recent disasters. This link actually leads to a malicious executable, a Trojan downloader named "Video_SC_Desastre.exe" (SHA1: 6862b862877e5cb9f2180cc53ee4338977bc0efb).
[Image: Example of malicious email]
When "Video_SC_Desastre.exe" is run, it connects to various sites. The executable first connects to a site, www.*SNIP*so.com, that informs the BOT controller about the infection. The executable then connects to a hosting provider account at *SNIP*.bizhostnet.com. Password-stealing Trojans are downloaded from that site to the compromised machine and registered as BHOs. These files are hosted in the form of JPG images, but actually are malicious executables.
[Image: Trojan's network activity snapshot]
Among other malicious activities of the downloaded Trojans, one Trojan, msnmgr.exe, launches a password-stealing application spoofing MSN Live Messenger.
[Image: MSN Live Messenger spoof]
Websense Messaging and Websense Web Security customers are protected against these threats.
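An added example, not part of the original post or the Websense alert: a defender-side check for the disguise described above, where files served as JPG images are actually Windows executables. It compares what the file name claims with the file's leading bytes; the function names, file names and sample bytes are constructed for illustration.

```python
import os
import struct

JPEG_MAGIC = b"\xff\xd8\xff"          # SOI marker that starts every JPEG
IMAGE_EXTS = (".jpg", ".jpeg")

def is_pe(data: bytes) -> bool:
    """True if data starts with a DOS 'MZ' header whose e_lfanew field
    (offset 0x3C) points at a 'PE\\0\\0' signature inside the bytes given."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        return False
    (e_lfanew,) = struct.unpack_from("<I", data, 0x3C)
    return data[e_lfanew:e_lfanew + 4] == b"PE\0\0"

def classify(name: str, data: bytes) -> str:
    """Compare what the file name claims with what the leading bytes are."""
    claims_image = name.lower().endswith(IMAGE_EXTS)
    if is_pe(data):
        return "pe-disguised-as-image" if claims_image else "pe"
    if data.startswith(JPEG_MAGIC):
        return "jpeg"
    return "image-name-unknown-content" if claims_image else "other"

def scan_dir(root: str) -> list:
    """Paths under root named like a JPEG whose content is a PE file."""
    hits = []
    for dirpath, _dirs, files in os.walk(root):
        for fn in files:
            path = os.path.join(dirpath, fn)
            try:
                with open(path, "rb") as fh:
                    head = fh.read(4096)   # enough for typical e_lfanew values
            except OSError:
                continue                   # unreadable file: skip, do not abort
            if classify(fn, head) == "pe-disguised-as-image":
                hits.append(path)
    return sorted(hits)

def constructed_samples() -> dict:
    """Constructed test bytes: a minimal PE header stub and a JPEG header."""
    dos = bytearray(0x40)
    dos[0:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, 0x40)
    pe = bytes(dos) + b"PE\0\0" + bytes(20)
    jpeg = JPEG_MAGIC + b"\xe0\x00\x10JFIF\x00" + bytes(16)
    return {"pe": pe, "jpeg": jpeg}

if __name__ == "__main__":
    s = constructed_samples()
    for name, data in [("foto1.jpg", s["pe"]), ("foto2.jpg", s["jpeg"])]:
        print(name, "->", classify(name, data))
```

The same comparison can be applied at a web proxy or mail gateway to the first bytes of a response body whose URL or Content-Type claims an image.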