There are two public broadcast TV stations in Colombia. We received a report of an e-mail in circulation that claims to be from one of the stations and announces that they have the video of Fidel Castro’s funeral.
The URL points to a UK server and downloads a nasty little piece of malware written in Visual Basic that changes Windows parameters and collects information from your computer. The trojan used to upload the malware is located in the same directory.
We encourage web server admins to keep security patches up to date and to avoid default configurations that could allow attackers to upload this kind of file to your web server. This backdoor is pure PHP and, as you can see, has a lot of useful options.
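For admins checking their own servers for the pattern seen here (a Windows executable served from the same directory as a PHP backdoor), the following walks a web root and flags such directories. It is an added example, not code from the original diary; the marker function list, the file names and the sample tree are assumptions constructed for illustration.

```python
import os
import re
import tempfile

# Assumed heuristic: PHP calls commonly present in upload/command backdoors.
MARKERS = re.compile(rb"\b(eval|system|passthru|shell_exec|move_uploaded_file)\s*\(")

def is_pe(path):
    """True if the file starts with the 'MZ' magic of a Windows executable."""
    with open(path, "rb") as fh:
        return fh.read(2) == b"MZ"

def php_markers(path):
    """Return the sorted marker function names found in a PHP file."""
    with open(path, "rb") as fh:
        return sorted({m.group(1).decode() for m in MARKERS.finditer(fh.read())})

def scan_webroot(root):
    """Flag directories holding both a PE file and a PHP file with markers."""
    findings = []
    for dirpath, _dirs, files in os.walk(root):
        pes, phps = [], {}
        for name in files:
            full = os.path.join(dirpath, name)
            try:
                if name.lower().endswith((".php", ".phtml")):
                    hits = php_markers(full)
                    if hits:
                        phps[name] = hits
                elif is_pe(full):
                    pes.append(name)
            except OSError:
                continue  # unreadable file: skip it, keep sweeping
        if pes and phps:
            findings.append({"dir": os.path.relpath(dirpath, root),
                             "executables": sorted(pes), "php": phps})
    return findings

def demo():
    """Scan a constructed tree: one clean directory, one matching the pattern."""
    sample = {"site/index.php": b"<?php echo 'hello'; ?>",
              "media/video/clip.exe": b"MZ" + b"\x00" * 62,
              "media/video/admin.php": b"<?php move_uploaded_file($t, $d); ?>"}
    with tempfile.TemporaryDirectory() as root:
        for rel, body in sample.items():
            path = os.path.join(root, *rel.split("/"))
            os.makedirs(os.path.dirname(path), exist_ok=True)
            with open(path, "wb") as fh:
                fh.write(body)
        return scan_webroot(root)
```

A hit is a lead for manual review, not a verdict: legitimate applications also call these PHP functions, so the co-location with an executable is what makes the directory worth a look.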
Please also keep in mind that clicking URL links inside e-mail is dangerous. Always go to the web server by typing the URL yourself.
– Manuel Humberto Santander Pelez | http://twitter.com/manuelsantander | http://manuel.santander.name
(c) SANS Internet Storm Center. http://isc.sans.org Creative Commons Attribution-Noncommercial 3.0 United States License.
Posted on 25 May 2010. Tags: 23rd, Announcing, Castro's, Computer, Email, Fidel, funeral, Malware, nasty, Scam