[personal profile] maradydd
Just got an amusing bit of spam: a "you've received an electronic postcard" note purporting to be from http://www.all-yours.net, actually originating from silverline-s27.de. As with your average PayPal/eBay phishing scam, the "pick up your postcard" link goes to an entirely different location, in this case http://mortalcity.com/postcard.jpg.exe. (Nice try, jokers; the power of viewing all my mail in plaintext repels you.)

I haven't gone to the trouble of decompiling the binary yet, as I don't know the first thing about malware analysis and don't presently have time to learn. If any of my Gentle Readers would care to ([livejournal.com profile] foxgrrl? [livejournal.com profile] ernunnos?), though, I'd love to hear what's in it -- botnet, I'm guessing.

Anywho, mortalcity.com appears on the surface to be a legitimate small webhosting company -- at least, the domains they claim to host do in fact appear to be hosted there -- so I forwarded the spam to the admin, just in case his server's been pwned or something. And now you all know about a variation on the phishing theme, so I've done my service to society for the night.

EDIT: No reply from the admin, but the malware's gone. Huzzah.
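The two giveaways described in the post, a link whose host is not the sender's domain and a filename like postcard.jpg.exe, can be checked mechanically by a mail filter. The following is an added example, not part of the original post; the .example domains, the extension lists and the function names are assumptions made for illustration.

```python
from email import message_from_string, policy
from html.parser import HTMLParser
from pathlib import PurePosixPath
from urllib.parse import unquote, urlsplit

EXECUTABLE = {".exe", ".scr", ".com", ".pif", ".bat", ".cmd"}
DECOY = {".jpg", ".jpeg", ".gif", ".png", ".pdf", ".doc", ".txt"}

class LinkCollector(HTMLParser):  # records real href targets, not link text
    def __init__(self):
        super().__init__()
        self.hrefs = []
    def handle_starttag(self, tag, attrs):
        href = dict(attrs).get("href")
        if tag == "a" and href:
            self.hrefs.append(href)

def bare_host(hostname):
    return (hostname or "").lower().removeprefix("www.")

def check_message(raw):
    """Return (href, reason) findings for one RFC 5322 message with an HTML body."""
    msg = message_from_string(raw, policy=policy.default)
    claimed = bare_host(msg["From"].addresses[0].domain)
    body = msg.get_body(preferencelist=("html",))
    collector = LinkCollector()
    collector.feed(body.get_content() if body else "")
    findings = []
    for href in collector.hrefs:
        url = urlsplit(href)
        if url.scheme not in ("http", "https"):
            continue
        if bare_host(url.hostname) != claimed:
            findings.append((href, "link host differs from sender domain"))
        suffixes = [s.lower() for s in PurePosixPath(unquote(url.path)).suffixes]
        if len(suffixes) >= 2 and suffixes[-1] in EXECUTABLE and suffixes[-2] in DECOY:
            findings.append((href, "executable behind decoy extension"))
    return findings

# Constructed sample modelled on the message in the post; the .example
# domains are placeholders, not the hosts named there.
SAMPLE = """\
From: Postcards <cards@www.postcards.example>
Subject: You've received an electronic postcard
Content-Type: text/html; charset="utf-8"

<p>Pick up your postcard <a href="http://hosting.example/postcard.jpg.exe">here</a>
or visit <a href="http://www.postcards.example/">our site</a>.</p>
"""
print(check_message(SAMPLE))
```

Both findings land on the first link only; the link back to the sender's own domain passes. The host comparison is deliberately strict, so legitimate mail that links to third-party hosts will also be flagged and needs an allowlist in practice.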

(no subject)

Date: 2006-10-30 12:22 pm (UTC)
From: [identity profile] crabbyolbastard.livejournal.com
postcard.jpg.exe is an SFX RAR archive. The archive contains 15 files. The file svchost.exe is a virus-infected mIRC client (v6.0.3.0). I'm sure that wasn't intended, because it is just stupid to spread trojan packages infected with old and therefore well-known viruses.

# postcard.jpg.exe/data.rar/script.ini - infected by Backdoor.IRC.Zapchast
# postcard.jpg.exe/data.rar/svchost.exe - infected by Virus.Win32.Parite.b
# postcard.jpg.exe/data.rar/sup.reg - infected by Backdoor.IRC.Zapchast

lol not so stupid after all :D

Date: 2007-12-07 10:55 am (UTC)
From: (Anonymous)
One of my clients just got this one... the corporate eTrust antivirus they had is crap, it did not stop anything.

Luckily I installed ESET now :P

She used a cute web-based mail client that opens active HTML emails automatically :D:D

WaffaDrunker

Re: lol not so stupid after all :D

Date: 2007-12-07 11:39 am (UTC)
From: [identity profile] maradydd.livejournal.com
Gah. HTML email is the bane of my existence.
