This morning many users in my city woke up with supposedly good news in response to a resume they had sent to Google looking for open positions:

Of course this scam has nothing new or innovative that would cause a massive impact, but here is the catch: in this part of the world, people love P2P networks and love to download unlicensed content such as Windows operating systems, music and paid programs so they don't have to pay a cent for it. Since standard security controls like antivirus and Host IPS flag those programs as malicious and then block most of their functionality, a huge number of people disregard such measures in order to access that unlicensed content freely.

The file referenced in the e-mail is zip compressed, MD5 4e85b6c9e9815984087f6722498a6dfc. Once uncompressed, you get document.exe, MD5 3e41ab7c70701452d046b93f764564ec. This file is widely recognized by VirusTotal with a 40/46 detection ratio. It is a mass mailer with backdoor capabilities. The mass mailer malware description can be found at http://home.mcafee.com/virusinfo/virusprofile.aspx?key=153521#none and the backdoor description can be found at http://home.mcafee.com/virusinfo/virusprofile.aspx?key=100938.

This little thing caused lots of help desk calls to my company this morning because people complained about very slow internet links without performing any downloads. If you were affected by this malware, please keep in mind the following recommendations:
Manuel Humberto Santander Peláez, ISC Handler, Apr 10th 2013
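The diary gives two indicators: the MD5 of the zip attachment and the MD5 of the document.exe inside it. The following is an added example (not part of the diary and not code from ISC) of how a mail gateway or triage script can apply both indicators: hash the archive as received, then open it in memory and hash every member, and independently flag any executable member, since a "resume" should never contain one and the hash of the next campaign will differ. The sample archives, their member names and the executable-extension list are constructed for the example.

```python
import hashlib
import io
import zipfile

# Indicators quoted from the diary: archive MD5 and MD5 of the inner document.exe.
IOC_MD5 = {
    "4e85b6c9e9815984087f6722498a6dfc": "malicious zip attachment",
    "3e41ab7c70701452d046b93f764564ec": "document.exe (mass mailer with backdoor)",
}

# Assumed policy: these member extensions are never legitimate inside a resume
# attachment, so they are flagged even when the hash is unknown (constructed list).
EXECUTABLE_EXTENSIONS = (".exe", ".scr", ".com", ".pif", ".bat", ".cmd")


def md5_hex(data: bytes) -> str:
    """Hex MD5 of a byte string (MD5 is used only because the IoCs are MD5)."""
    return hashlib.md5(data).hexdigest()


def inspect_zip_attachment(zip_bytes: bytes) -> dict:
    """Hash the archive and each member, match against IOC_MD5, flag executables.

    Returns a dict with the archive hash, IoC hits as (member, description)
    tuples, executable member names, and a verdict of "block" or "allow".
    """
    findings = {"zip_md5": md5_hex(zip_bytes), "ioc_hits": [], "executable_members": []}

    # Check the archive itself before looking inside it.
    if findings["zip_md5"] in IOC_MD5:
        findings["ioc_hits"].append(("<archive>", IOC_MD5[findings["zip_md5"]]))

    # Open the attachment in memory; nothing is written to disk or executed.
    with zipfile.ZipFile(io.BytesIO(zip_bytes)) as zf:
        for info in zf.infolist():
            if info.is_dir():
                continue
            digest = md5_hex(zf.read(info))
            if digest in IOC_MD5:
                findings["ioc_hits"].append((info.filename, IOC_MD5[digest]))
            if info.filename.lower().endswith(EXECUTABLE_EXTENSIONS):
                findings["executable_members"].append(info.filename)

    findings["verdict"] = (
        "block" if findings["ioc_hits"] or findings["executable_members"] else "allow"
    )
    return findings


def build_sample_zip(member_name: str, payload: bytes) -> bytes:
    """Build a small in-memory zip holding one member (constructed test input)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        zf.writestr(member_name, payload)
    return buf.getvalue()


if __name__ == "__main__":
    # Constructed samples: a lure shaped like the diary's attachment, and a benign one.
    lure = build_sample_zip("document.exe", b"MZ" + b"\x00" * 64)
    benign = build_sample_zip("resume.pdf", b"%PDF-1.4\n%constructed sample\n")
    for name, blob in (("lure", lure), ("benign", benign)):
        result = inspect_zip_attachment(blob)
        print(name, result["verdict"], result["ioc_hits"], result["executable_members"])
```

In production the hash lookup would be backed by a larger indicator feed and the member check extended to nested archives and double extensions; the point of the split verdict is that the executable-member rule keeps catching the lure after the attacker repacks it and the MD5s stop matching.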
BitTorrent et al. are legitimate distribution systems for Linux ISOs and much other non-pirated software and datasets.
Also, most consumer A/V do not flag P2P apps as malicious. I've seen some corporate A/V flag some as PUP (Potentially Unwanted Program).
Anonymous, Apr 18th 2013