Posted by Mikko @ 10:42 GMT | Comments
We've just seen another fake Christmas card malware run.
E-mails looked like this:
The links are masked and point to a fake Yahoo Greeting card site. Do note the fake URL (abuse messages have been sent about the site).
The site prompts the user to download malicious
macromedia-flashplayerupdate.exe (md5: 506744BF870B5B0E410087BD6F3EFD37).
We detect this file as an Agent variant. It collects various types of information from the infected machine and sends it back to the malware author via a website.
Update: Another domain is being used too, registered by the same person — http://www.yahoo.americangreetings.com.droeang.net.
資料來源 http://www.f-secure.com/weblog/archives/00001330.html
We've just seen another fake Christmas card malware run.
E-mails looked like this:
The links are masked and point to a fake Yahoo Greeting card site. Do note the fake URL (abuse messages have been sent about the site).
The site prompts the user to download malicious
macromedia-flashplayerupdate.exe (md5: 506744BF870B5B0E410087BD6F3EFD37).
We detect this file as an Agent variant. It collects various types of information from the infected machine and sends it back to the malware author via a website.
Update: Another domain is being used too, registered by the same person — http://www.yahoo.americangreetings.com.droeang.net.
資料來源 http://www.f-secure.com/weblog/archives/00001330.html
全站熱搜
留言列表
