Our friends at iDefense/Verisign shared a template with us for a new IRS phishing e-mail which they expect to be mail out soon (today). The template looks like it will be sent as a multipart mime encoded email with plain text and html part.
note that the directory starts with a '.' in order to hide it on compromised unix systems. Another common directory name is '.bbb'. file names to expect are b.php, kit.zip, update.exe
Here is the top part of the template:
Binary AttachmentsI will be teaching next: Intrusion Detection In-Depth - SANS Boston Summer 2019
Oct 30th 2007
1 decade ago