More IE7 Beta spam/malware
A new wave of "Internet Explorer 7.0 Beta" spam is currently being reported. All of the messages link to an "update.exe" file, which is hosted at various URLs. The e-mail message adopts a common spam method, "hiding" the image link among chunks of text copied from web sites.
Characteristics:
From: admin@microsoft.com
Subject: Internet Explorer 7.0 Beta
URL:
We have seen these so far (but there are likely many more):
It doesn't look feasible to block all these sites. However, you probably should filter e-mail from 'admin@microsoft.com' (that particular "From" address has been used in the past).
update.exe itself is a downloader which will install a second-stage binary upon execution.
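A sketch of a mail filter for the indicators above, as an added example that is not part of the original diary: it checks the From address and the Subject and, as an assumption beyond the diary's advice, flags any link ending in /update.exe so that hosts not yet seen are still caught. The sample messages, the example.test hosts and the function name are constructed for illustration.

```python
import email
import re
from email import policy
from email.utils import parseaddr

SPOOFED_FROM = "admin@microsoft.com"      # From address given in the diary
SUBJECT = "internet explorer 7.0 beta"    # Subject given in the diary
# Assumption: flag any http(s) link whose path ends in /update.exe, whatever the host.
EXE_LINK = re.compile(r"https?://[^\s\"'<>]+/update\.exe\b", re.IGNORECASE)

def match_indicators(raw: bytes) -> list:
    """Return the indicators of this campaign found in one raw RFC 822 message."""
    msg = email.message_from_bytes(raw, policy=policy.default)
    hits = []
    _, addr = parseaddr(str(msg.get("From", "")))
    if addr.lower() == SPOOFED_FROM:
        hits.append("from")
    if SUBJECT in str(msg.get("Subject", "")).lower():
        hits.append("subject")
    for part in msg.walk():
        # Scan every text part, so a link buried in filler text is still seen.
        if part.get_content_maintype() == "text" and EXE_LINK.search(part.get_content()):
            hits.append("update.exe link")
            break
    return hits

def _msg(sender, subject, html):
    # Builds a constructed sample message (not real campaign mail).
    return (f"From: {sender}\nSubject: {subject}\n"
            f"Content-Type: text/html; charset=us-ascii\n\n{html}\n").encode("ascii")

FILLER = "Quarterly results were in line with expectations. " * 3
SPAM = _msg('"Microsoft" <admin@microsoft.com>', "Internet Explorer 7.0 Beta",
            FILLER + '<a href="http://host.example.test/images/update.exe">'
            '<img src="b.gif"></a>' + FILLER)
OTHER_SENDER = _msg("support@example.test", "Browser beta",
                    '<a href="http://host.example.test/update.exe">download</a>')
BENIGN = _msg("news@example.org", "Weekly update",
              '<a href="http://example.org/news.html">news</a>')

if __name__ == "__main__":
    for name, raw in [("SPAM", SPAM), ("OTHER_SENDER", OTHER_SENDER), ("BENIGN", BENIGN)]:
        print(name, match_indicators(raw))
```

The link check is a heuristic: legitimate installers are also named update.exe, so in practice it is better used to quarantine or score a message than to reject it outright.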