24 February 2011, 00:26

Just to say that a few hours ago I received a spam email, like in the old days :), but not in French this time.

 

Here is the link that appears within the body of the email:

http://g1.globo.com/sao-paulo/noticia/2011/02/video-em-que-ex-escriva-de-policia-e-despida-em-delegacia-cai-na-internet.html-0.79795

 

but in fact, here is the real link:

http://videos .katebowman.com.au/images/youtube/videos/abuso/22/2/2011/video-ex-escriva-de-policia-e-despida-em-delegacia-cai-na-internet.php?0.79795 

Caution! This one is malicious!

 

Indeed it will automatically redirect the user to:

http://89. 149.226.195/css/video-ex-escriva-de-policia-e-despida-em-delegacia-cai-na-internet-AVI.exe
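A defender-side check for exactly this trick, where the visible link text is itself a URL but the real href points at another host (and the landing page hands out an .exe). This is an added example, not code from the original post; the sample mail body and its domains are constructed placeholders, not the hosts seen in the spam.

```python
from html.parser import HTMLParser
from urllib.parse import urlsplit
EXECUTABLE_SUFFIXES = (".exe", ".scr", ".pif", ".bat", ".com")

class LinkCollector(HTMLParser):
    """Collect (href, visible text) pairs for every <a> in an HTML mail body."""
    def __init__(self):
        super().__init__()
        self.links = []      # finished (href, text) pairs
        self._href = None    # href of the <a> we are currently inside
        self._text = []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href = dict(attrs).get("href") or ""
            self._text = []
    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None

def host_of(url):
    """Lower-cased hostname; bare 'www.example.com' style text is accepted too."""
    if "://" not in url:
        url = "http://" + url
    return (urlsplit(url).hostname or "").lower()

def suspicious_links(html_body):
    """Return (href, reason) pairs a mail filter should flag."""
    parser = LinkCollector()
    parser.feed(html_body)
    findings = []
    for href, text in parser.links:
        # The spam trick: the text the reader sees is itself a URL, but for another host.
        looks_like_url = text.lower().startswith(("http://", "https://", "www."))
        if looks_like_url and host_of(text) != host_of(href):
            findings.append((href, f"visible text says {host_of(text)}, href goes to {host_of(href)}"))
        # The landing page here redirected to an .exe; flag direct executable links as well.
        if urlsplit(href).path.lower().endswith(EXECUTABLE_SUFFIXES):
            findings.append((href, "href path ends in an executable extension"))
    return findings

# Constructed sample body; the domains are placeholders, not the ones seen in the spam.
SAMPLE_BODY = """<p>Veja o video:</p>
<a href="http://videos.example.net/images/video-noticia.php?0.79795">
  http://g1.example.com/sao-paulo/noticia/2011/02/video-noticia.html-0.79795</a>
<p><a href="http://g1.example.com/sobre.html">Sobre</a></p>"""
```

Calling `suspicious_links(SAMPLE_BODY)` flags the first link only, reporting that the visible text names `g1.example.com` while the href goes to `videos.example.net`.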

 

As for the "subject" of the link, why would it interest a user? It is about a police clerk, "naked", which reminds me of the "sex tapes" of a few celebrities... here is a translation of it:

http://g1.globo.com/sao-paulo/noticia/2011/02/video-em-que-ex-escriva-de-policia-e-despida-em-delegacia-cai-na-internet.html

"Police" and "naked": probably two words that could tempt a person to click on the link...

 

What about the IP hosting the malware, when accessed through various browsers?

- Opera 11: no warning

- Safari 5.0.3: no warning

- Firefox 3.6.13: no warning 

- IE 9: no warning...!

 

Okay, that's not really a good start. Browsers' built-in security could certainly be more effective...

Let's see what VT (VirusTotal) says about the sample: 9 engines out of 43 detect it... I've seen better detection.

BTW, the full version of Nod32 (up to date) does detect it as a variant of Banload.PMI... but Clam In the Cloud does not detect anything, which surprises me a little bit.

 

The sample is being run on ThreatExpert sandbox. I just received the results, they look interesting!

http://www.threatexpert.com/report.aspx?md5=8d20e04ba3e66b85fc54860794332ed6

 

I'll talk about them in more detail pretty soon.
