7 May 2011, 16:44

Here is the mail that currently spreads:

[Screenshot of the email: MSG_live_osama_060511-copie-1.PNG]

The link provided does not work itself.

But the real link does:

http://noticias. terra.woonet.co.kr/videos/paquistao/terrorismo/osama/05/05/2011/video-proibido-mostra-momento-da-execucao-de-obama-por-agentes-na-operacao.php?0.14094

 

Please note the allusion to "Obama" and "execution", even if I'm not a linguist. There is probably a mistake, or an intent to associate "Obama" and "execution" (that should be "Osama's execution"...).

IE9, working with SmartScreen/Windows Defender, does alert and block the download; that's good.

BTW, Clam In the Cloud and Panda Cloud do detect the sample as well.

Then, according to VT, 24 engines (reminder: command line versions) out of 41 do detect the malware:

http://www.virustotal.com/file-scan/report.html?id=e367ad6e9f26191e59dab7a9b681d05f40b23fee120ef1757def56c4a2b84f4b-1304723523

Murlo/Delf, well, nothing that new.

And to finish with, a sandbox:

http://www.threatexpert.com/report.aspx?md5=8bef97fcdd7a160b230749b824b9cb95

Just an old-fashioned Rbot packed with Pklite32... and it mostly targets Brazilian websites/assets.

In a nutshell, do not open that email or click on the link!

 
