

New Malware SPAM


#1 AplusWebMaster




Posted 05 June 2007 - 09:48 AM


- http://isc.sans.org/...ml?storyid=2919
Last Updated: 2007-06-04 21:56:30 UTC ~ "...Password protected zip file as SPAM with the password included in the HTML body of the email...
> From: line may show a news organization. However the actual sources of the email are all over the map (numerous broadband IPs on several continents). Hopefully most people have been trained to not trust the From: line or reply to spammy looking emails by now.
> Sample Subject Lines:
Subject: Re: U.S. violent crime up again, more murders, robberies
Subject: Man Awakens From 19-Year Coma
Subject: Law hits Las Vegas ...bands

Several of the samples included body text such as:
Decade Of Mystery: John Ramsey Speaks
Man wakes from 19-year coma in Poland
US vows to pursue hunt for missing soldiers
Password for submitted attachment is xxx

Attachments include names such as "<news organization>-news<digits>.zip". At the moment AV coverage (of the uncompressed file) is spotty..."

More detail:
- http://www.f-secure....7.html#00001204
June 5, 2007 ~ "...Attachments are password protected Zip archives with random filenames but appear to come from news organizations. The binary inside has the filename v245o.exe and is now detected as Backdoor:W32/Spamuwi.A..."


Edited by apluswebmaster, 05 June 2007 - 11:10 AM.

.The machine has no brain.
 ......... Use your own.
YOU need to defend against -all- vulnerabilities.
Hacks only need to find -1- to get in...

Member of UNITE
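A mail-filter check for the pattern in the quoted reports (an encrypted ZIP attachment with its password stated in the message body), as an added example that is not part of the original post or the quoted sources. The regexes, function names and the sample message are assumptions constructed for illustration.

```python
import email
import io
import re
import zipfile
from email import policy
from email.message import EmailMessage

# Indicators taken from the quoted reports; the regexes themselves are assumptions.
NAME_RE = re.compile(r"^[\w.-]+-news\d+\.zip$", re.I)   # "<news organization>-news<digits>.zip"
PASS_RE = re.compile(r"\bpassword\b[^\n]{0,60}?\bis\b\s+\S+", re.I)  # "Password for ... is xxx"

def zip_is_encrypted(data):
    """True if any archive member has general-purpose flag bit 0 (encryption) set."""
    try:
        with zipfile.ZipFile(io.BytesIO(data)) as zf:
            return any(info.flag_bits & 0x1 for info in zf.infolist())
    except zipfile.BadZipFile:
        return False

def score_message(raw):
    """Return the sorted list of indicators found in one raw e-mail message."""
    hits = set()
    for part in email.message_from_bytes(raw, policy=policy.default).walk():
        if part.is_multipart():
            continue
        name = part.get_filename()
        if name:  # attachment: check the name and the ZIP encryption flag
            if NAME_RE.match(name):
                hits.add("news-style-name")
            if zip_is_encrypted(part.get_payload(decode=True) or b""):
                hits.add("encrypted-zip")
        elif part.get_content_maintype() == "text":
            text = re.sub(r"<[^>]+>", " ", part.get_content())  # crude tag strip
            if PASS_RE.search(text):
                hits.add("password-in-body")
    return sorted(hits)

def build_sample(encrypted=True):
    """Constructed message; the ZIP holds only a harmless text file."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr(zipfile.ZipInfo("readme.txt"), "harmless placeholder")
    data = bytearray(buf.getvalue())
    if encrypted:  # mark the member as encrypted in its central-directory record
        data[data.find(b"PK\x01\x02") + 8] |= 0x01
    msg = EmailMessage()
    msg["Subject"] = "Man Awakens From 19-Year Coma"
    msg.set_content("<p>Password for submitted attachment is 123</p>", subtype="html")
    msg.add_attachment(bytes(data), maintype="application", subtype="zip",
                       filename="example-news123.zip")
    return msg.as_bytes()
```

The combination of "encrypted-zip" and "password-in-body" is the signal worth quarantining on, since the archive's contents cannot be scanned at the gateway without the password.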