7 May 2011, 16:44

Here is the email that is currently spreading:


The link provided does not work itself.

But the real link does:

http://noticias. terra.woonet.co.kr/videos/paquistao/terrorismo/osama/05/05/2011/video-proibido-mostra-momento-da-execucao-de-obama-por-agentes-na-operacao.php?0.14094


Please note the allusion to "Obama" and "execution", even if I'm not a linguist. This is probably a mistake, or an intent to associate "Obama" and "execution" (it should be "Osama's execution"...).

IE9, working with SmartScreen/Windows Defender, alerts and blocks the download, which is good.

BTW, Clam In the Cloud and Panda Cloud do detect the sample as well.

Then, according to VT, 24 engines out of 41 (reminder: command-line versions) detect the malware:


Murlo/Delf, well, nothing that new.

And to finish, a sandbox:


Just an old-fashioned Rbot packed with Pklite32... and it mostly targets Brazilian websites/assets.

In a nutshell, do not open that email or click on the link!

