Be on the Alert
I am seeing a large amount of spam hit our network that has been successful at fooling our spam filter. The
emails contain .zip and .html extensions with various file names. The subject also varies. Some subjects
that I have seen are:
Your Funds Will Be Transferred
From Jan RIchter (name varies)
Newest Products
Latest Software
The zip file is being analyzed to determine what payload may be involved. You may want to remind your email
users to refrain from opening any attachments that they weren't expecting to receive.
UPDATE: We have received some information from one of our readers that the zip file that he received contained
a multiple exploit-kit downloader. He indicated that there are over 120,000 successful downloads of the exe file.
They have discovered that IP address 173. 204. 119 . 122 is where the file appears to be hosted and that it is being
updated with new binaries consistently. The downloader appears to grab a few files with random file names and
has been observed connecting to imagehut4 .cn, allxt .com, hitinto .com. Jason indicates that all files appear
to run fully under Windows VMware and are resistant to detection by many of the common threat programs.
Many thanks to Jason for supplying us with the information.
We also have received a report of emails that are hitting which tell the recipient that the letter cannot be opened
due to low screen resolution. It says that they need to open the attached zip file for the message. Again the filename
for the zip file varies. Thanks to Jason R for this information.
Deb Hale Long Lines, LLC
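For mail administrators who want to triage quarantined messages against the traits described above (.zip and .html attachments, the listed subjects, an exe inside the zip), the following is an added example and not code from the diary or its contributors. The function names, the list of executable extensions and the sample message are assumptions made for illustration; archive members are only listed, never extracted or run.

```python
import io
import zipfile
from email import message_from_bytes, policy
from email.message import EmailMessage

# Subjects quoted in the diary; the diary notes they vary, so a match is only a hint.
DIARY_SUBJECTS = ("your funds will be transferred", "newest products", "latest software")
# Assumption: member extensions worth flagging inside an archive (not a list from the diary).
EXECUTABLE_EXTS = (".exe", ".scr", ".pif", ".com", ".js", ".vbs")


def triage(raw: bytes) -> list[str]:
    """Return findings for one raw RFC 5322 message without extracting any archive member."""
    msg = message_from_bytes(raw, policy=policy.default)
    findings = []
    subject = str(msg["Subject"] or "").strip().lower()
    if subject in DIARY_SUBJECTS:
        findings.append(f"subject matches diary list: {subject}")
    for part in msg.iter_attachments():
        name = (part.get_filename() or "").lower()
        if name.endswith((".html", ".htm")):
            findings.append(f"html attachment: {name}")
        elif name.endswith(".zip"):
            findings.append(f"zip attachment: {name}")
            try:
                with zipfile.ZipFile(io.BytesIO(part.get_payload(decode=True))) as zf:
                    for member in zf.namelist():  # names are readable even if encrypted
                        if member.lower().endswith(EXECUTABLE_EXTS):
                            findings.append(f"executable inside {name}: {member}")
            except zipfile.BadZipFile:
                findings.append(f"unreadable zip (corrupt or disguised): {name}")
    return findings


def build_sample() -> bytes:
    """Constructed test message: a zip holding a harmless placeholder named like an exe."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("invoice.exe", b"placeholder, not a real binary")
    msg = EmailMessage()
    msg["Subject"] = "Your Funds Will Be Transferred"
    msg.set_content("See attachment.")
    msg.add_attachment(buf.getvalue(), maintype="application", subtype="zip", filename="details.zip")
    return msg.as_bytes()


if __name__ == "__main__":
    for finding in triage(build_sample()):
        print(finding)
```

Because the diary says both subjects and file names vary, the attachment findings are the more durable signal; the subject match only helps rank what to look at first.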