Threat Level: green Handler on Duty: Tom Webb

SANS ISC: InfoSec Handlers Diary Blog - e-mail scam announcing Fidel Castro's funeral ... and nasty malware to your computer. InfoSec Handlers Diary Blog


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

e-mail scam announcing Fidel Castro's funeral ... and nasty malware to your computer.

Published: 2010-05-23
Last Updated: 2010-05-23 19:53:08 UTC
by Manuel Humberto Santander Pelaez (Version: 1)
0 comment(s)

There are two public broadcast TV stations at Colombia. We received a report that a e-mail is out there claiming to be from one of the stations and announcing they have the video of Fidel Castro's funeral:

 

The URL points to a UK server and downloads a nasty little malware done in Visual Basic that changes Windows parameters and recolects info from your computer. The trojan used to upload the malware is located on the same directory:

Netshell Screenshot

We encourage Web server admins to keep updated security patch and avoid default configurations on web servers that could allow attackers to upload these kind of files to your webserver. This backdoor is pure php and, as you can see, has a lot of useful options.

Please keep in mind also that clicking URL links inside e-mail is dangerous. Always go to the web server typing yourself the URL.

-- Manuel Humberto Santander Peláez  |  http://twitter.com/manuelsantander  |  http://manuel.santander.name

 

0 comment(s)
Diary Archives