Just to say that a few hours ago I received a spam email, like in the old days :), but not in French this time.
Here is the link that appears within the body of the email:
but in fact, here is the real link:
Caution! This one is malicious!
Indeed it will automatically redirect the user to:
What about the "subject" of the link, the one that is supposed to be interesting for a user? It is about a police clerk, "naked", which reminds me of the "sextape" of a few stars... Here is a translation of it:
"Police" and "naked", probably two words that could invite a person to click on the link...
What about the IP hosting the malware, when accessed through the browsers?
- Opera 11: no warning
- Safari 5.0.3: no warning
- Firefox 3.6.13: no warning
- IE 9: no warning...!
Okay, that's not really a good start. Browsers' embedded security could certainly be more efficient...
Let's see what VT says about the sample: 9 engines out of 43 detect it... I've seen better detection.
BTW, the full version of Nod32 (up to date) detects it as a variant of Banload.PMI... but Clam In the Cloud does not detect anything, and that surprises me a little bit.
The sample is being run on the ThreatExpert sandbox. I just received the results, and they look interesting!
I'll talk about them in more detail pretty soon.