|
There was a massive malware spam campain directed to corporate domains in Colombia. The following was the e-mail received:
Now this e-mail has two interesting aspects:
When opened, this document has embedded a visual basic script that downloads a known trojan password stealer designed for colombian banks. This domain uses a private registation service, avoiding to know the identity of the registrar:
Be careful when opening unknown e-mails. You could be leaking information and compromising your computer, even when you see google domain in the URLs. Manuel Humberto Santander Peláez |
Manuel Humberto Santander Pelaacuteez 195 Posts ISC Handler May 1st 2015 |
| Thread locked Subscribe |
May 1st 2015 7 years ago |
|
Whois History from Domain Tools reveals the registrant:
Registrant Name: Jonathan Moctezuma Olvera Registrant Organization: X-Solutions Registrant Street: Real de los Encinos23A real de atizapan Registrant Street: Atizapan de Zaragoza Registrant City: Estado de Mexico Registrant State/Province: Mexico Registrant Postal Code: 52945 Registrant Country: Mexico Registrant Phone: +420.25179 Registrant Phone Ext: Registrant Fax: Registrant Fax Ext: Registrant Email: jmoctezuma@xsolutions.com.mx |
Anonymous |
| Quote |
May 1st 2015 7 years ago |
|
Manuel,
Is there a way to open these emails while avoiding the tracking from triggering? |
SasK 12 Posts |
| Quote |
May 1st 2015 7 years ago |
Quote:Be careful when opening unknown e-mails. You could be leaking information and compromising your computer, even when you see google domain in the URLs. Excellent advice and will add another layer. Numerous families I know have been hit when clicking on Google Images by their kids doing school work. Though I have reported @ least 25, I can only say Google is fast becoming quicksand at all levels. Another way I try to cut down is plug-ins to block GA and other beacons. Yes, it is a bit more work, however once compromised you wish you would have taken that extra time. Nothing is fool proof, just add a heavy cup of common sense. Compute safe all. |
ICI2I 63 Posts |
| Quote |
May 1st 2015 7 years ago |
|
thunderbird under linux will not open graphic file unless you tell it to. it will also allow you to preview the raw text of the email, including full headers. it will not send acknowledgement unless you tell it to. there are other mail clients that have similar features, but i am most familiar with thunderbird.
|
Moriah 133 Posts |
| Quote |
May 1st 2015 7 years ago |
|
Aren't you lucky.
 We've been getting these for about a month. The most recent versions contain a URL that's a google search link for a dropbox link which is hosting the actual malware...I've been searching our mail logs for subjects that contain " ACH " and the words cancelled, aborted, denied, rejected. That finds most of them although there are a few other permutations too. |
Brent 133 Posts |
| Quote |
May 4th 2015 7 years ago |
|
Warning: shameless plug follows: These were reported to me by a user before any automated tools began detecting/reporting/blocking these. We recently started using phishme.com to help educate the userbase and get them reporting phish more often than falling for them. We still have some users who fall for every phish they see but now I'm getting earlier reports of phish which means I can sometimes do a little malware/phish analysis and proactively block the phish and/or block URLs/hostnames before every user sees the phish and clicks on a link or opens an infected office or pdf file or runs the attached .exe/.scr/.com file, etc.
|
Brent 133 Posts |
| Quote |
May 4th 2015 7 years ago |
Sign Up for Free or Log In to start participating in the conversation!
