------------------------------ BEGIN OF WARNING SECTION ------------------------------
This diary has live malware links, so be careful if you decide to access them.
------------------------------ END OF WARNING SECTION ------------------------------

Spammers are busy this week in my country! Today, April 11 2013, I received a spam email claiming to be a promotion from the biggest retail company in the country and stating that they are giving away free debit cards for US$274.54.
This link points to http://katiepriceuk.com/wp-content/gallery/ecards/www.exito.com.tarjetaderegalo.php. Having a look with Wireshark shows the following:
This looks like a vulnerable WordPress site that was modified with a redirect injection. The second one looks like a hacked Drupal site with a compromised FCKeditor module. Check below:
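The lure URL above follows a pattern worth alerting on: the impersonated retailer's hostname (www.exito.com...) appears as a path component on an unrelated compromised host, under a writable CMS directory (wp-content/). The following is an added detection example, not code from the diary; the Squid-style log lines are constructed, the second protected domain and the CMS path list are assumptions to be tuned locally.

```python
"""Flag proxy-log URLs that carry a protected brand's hostname inside the path of another host.

Added example (not from the ISC diary). The first sample URL is the lure the diary describes;
the other log lines and the second protected domain are constructed / assumed for illustration.
"""
import re
from urllib.parse import urlsplit

# Hostnames that should never appear as a path component on a different host.
# "exito.com" comes from the diary; "bancolombia.com" is an assumed extra entry.
PROTECTED_DOMAINS = ("exito.com", "bancolombia.com")

# Writable CMS directories commonly abused to host lures (assumed list; tune per environment).
CMS_UPLOAD_PATHS = ("/wp-content/", "/sites/default/files/", "/fckeditor/", "/ckfinder/")


def classify_url(url):
    """Return the reasons a URL looks like a brand-in-path lure; an empty list means clean."""
    parts = urlsplit(url if "://" in url else "http://" + url)
    host = (parts.hostname or "").lower()
    path = parts.path.lower()
    reasons = []
    for brand in PROTECTED_DOMAINS:
        # The brand served from its own domain or a subdomain of it is legitimate.
        if host == brand or host.endswith("." + brand):
            continue
        # Brand hostname as a dot/slash-delimited token in the path, e.g.
        # /.../www.exito.com.tarjetaderegalo.php
        if re.search(r"(^|/|\.)(www\.)?" + re.escape(brand) + r"(\.|/|$)", path):
            reasons.append(f"brand '{brand}' in path of host '{host}'")
    if reasons and any(p in path for p in CMS_UPLOAD_PATHS):
        reasons.append("path sits under a CMS upload directory")
    return reasons


def scan_log(lines):
    """Yield (url, reasons) for every Squid native-format log line whose URL is flagged."""
    for line in lines:
        fields = line.split()
        if len(fields) < 7:
            continue
        url = fields[6]  # ts elapsed client code/status bytes method URL rfc931 peer type
        reasons = classify_url(url)
        if reasons:
            yield url, reasons


# Constructed sample lines; the first URL is the lure from the diary, the rest are benign.
SAMPLE_LOG = """\
1365679200.123 150 10.0.0.5 TCP_MISS/200 51234 GET http://katiepriceuk.com/wp-content/gallery/ecards/www.exito.com.tarjetaderegalo.php - DIRECT/192.0.2.10 text/html
1365679201.456 80 10.0.0.7 TCP_MISS/200 4096 GET http://www.exito.com/tarjetaderegalo - DIRECT/192.0.2.20 text/html
1365679202.789 60 10.0.0.9 TCP_HIT/200 2048 GET http://example.org/news/index.php - NONE/- text/html
"""

if __name__ == "__main__":
    for url, reasons in scan_log(SAMPLE_LOG.splitlines()):
        print(url, "->", "; ".join(reasons))
```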
MD5 for the downloaded zip file is 11da149ca99f2cc9f64c5e4fca76a9f1. The following are the zip content details:
After analyzing this little thing, it turned out to be a Koobface variant. The VirusTotal detection rate is pretty high (36/42), but as I stated in my previous diary, too many people around here do not like to install security controls on their computers, because the controls stop them from using insecure programs, or they just think that investing in antimalware / HIPS licenses is not worth it. If you are in Colombia, please remember that cybercrime is rising and local computer criminals are disseminating specific malware targeting the banking software of local banks (Bancolombia, Grupo Aval, Corpbanca, ...) and, of course, every web access you perform to personal banking or payment sites using your banking information. You will do yourself a favor if you invest in basic security controls for your computer like:
Manuel Humberto Santander Peláez | ISC Handler | Apr 12th 2013
The above basic security controls are valid and have stood the test of time (>20 years). Unfortunately, the recommendations are often costly and generally impair system performance. A more acceptable option is to select a messaging service provider that offers content inspection as well as malware detection. More importantly, exercise caution when opening messages, attachments and following embedded links. In short, practicing rudimentary information security precautions.
VB33 | Apr 13th 2013
> generally impair system performance

I'd rather have slightly-slower systems than have to spend _my_ time nuking compromised systems and rebuilding them. Besides, when's the last time that your "standard" new PC, with dual-cores and two threads per core, ever ran at 100% CPU for enough time for you to notice? It's time to buy a new computer, to replace your Pentium 166 MHz CPU.

> practicing rudimentary information security precautions

You're waging a "sucker" bet that every computer-user inside your network was paying attention during the tutorial that you gave on the topic (you did give that class, correct?)
Anonymous | Apr 15th 2013