Cybercriminals are spamvertising yet another malware-serving campaign. Impersonating the IRS, malicious attackers are attempting to entice end users into downloading and executing a malicious file attachment.
Spamvertised message: Tax notice, There are arrears reckoned on your account over a period of 2010-2011 year. You will find all calculations according to your financial debt, enclosed. Sincerely, Internal Revenue Service
Detection rate:
Calculations.exe - TrojanDownloader:Win32/Dofoil.D - 33/43 (76.7%)
MD5 : 178bb562d9c0ef2b0a87467dcbd945ee
SHA1 : 9ef75146aeb27102a1e5662284f369a43144225c
SHA256: d1551934d60033c871b377015c8be65d608b33543f149369d1e70361e06dc05e
Upon execution, it phones back to falcononfly2006.ru/blog/task.php?bid=2bfc680038ba2be7&os=5-1-2600&uptime=0&rnd=150156
falcononfly2006.ru - 91.229.90.139, AS6753 - Email: makrogerhouse@yandex.ru
makrogerhouse@yandex.ru is also associated with the following domains:
diamondexchange2011.ru
philippinemoney2011.ru
Bedownloader2011.ru
dolcekomarenoro2011.ru
forsalga102.ru
runescapegpge2011.ru
yomwarayom2001.ru
philippinemoney2011.ru
moneymgmt2011.ru
moneykeep2011.ru
firewallmakeover.ru
czechmoney2011.ru
communityspace2911.ru
brazilianmoney2011.ru
Monitoring of the campaign is ongoing.
This post has been reproduced from Dancho Danchev's blog. Follow him on Twitter.
No comments:
Post a Comment