About an hour ago, a new variant of the Angelina Jolie malware emails was intercepted. She is still very popular when it comes to malware.
Some previous emails about the Jolie video included a URL to a website hosting a malware file named video-anjelina.avi.exe, video-nude-anjelina.avi.exe or something similar.
This time the email carries an attached file, Angelina_Jolie.rar, that contains Angelina_Jolie.exe. The .rar archive is password-protected and the password is included in the email. This is somewhat good news, since you can't double-click and execute the malware by accident.
VirusTotal permalink and MD5: 672b90f8297836e6bdc6549ae7425346.
The subject is usually "Anjelina Jolie Free Video", but it can of course change.
This malware has a low threat profile but makes connections to remote hosts. It is assumed that the real infection will be done with the files downloaded from those hosts. The backdoor component allows the remote hacker to download and install additional components. From one of the remote hosts, the file video-nude-anjelina.avi.exe is downloaded.
Only 2 of the 36 engines detect that this file is not to be trusted. VirusTotal permalink and MD5: 785a11b9eef80dce6810ee6f1ada5adc.
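With so few engines flagging the file, a mail gateway can instead key on the delivery patterns described above: an archive attachment whose password is given in the message text, and decoy double extensions such as .avi.exe in attachment names or links. The following is an added example, not part of the original post; the extension lists, the password regex and the sample messages (addresses, password, host name) are assumptions constructed for illustration.

```python
import re
from email import message_from_bytes, policy
from email.message import EmailMessage

ARCHIVE_EXT = (".rar", ".zip", ".7z")               # assumed list
EXEC_EXT = {"exe", "scr", "pif", "com"}             # assumed list
DECOY_EXT = {"avi", "mpg", "wmv", "jpg", "pdf", "doc"}  # assumed list
PASSWORD_HINT = re.compile(r"\bpass(?:word|code)\b", re.I)

def is_double_extension(name):
    """True for names such as video.avi.exe (decoy extension, then executable)."""
    parts = name.lower().rsplit(".", 2)
    return len(parts) == 3 and parts[1] in DECOY_EXT and parts[2] in EXEC_EXT

def scan(raw):
    """Return (reason, name) findings for one raw RFC 5322 message."""
    msg = message_from_bytes(raw, policy=policy.default)
    body_part = msg.get_body(preferencelist=("plain",))
    body = body_part.get_content() if body_part else ""
    findings = []
    for part in msg.iter_attachments():
        name = (part.get_filename() or "").lower()
        if is_double_extension(name):
            findings.append(("double-extension attachment", name))
        # Archive attachment plus a password in the text: the pattern in this post.
        if name.endswith(ARCHIVE_EXT) and PASSWORD_HINT.search(body):
            findings.append(("archive with password in body", name))
    # Split the body on whitespace and URL separators to find file names in links.
    for token in re.findall(r"[^\s/\"'<>]+", body):
        token = token.rstrip(".,;:)").lower()
        if is_double_extension(token):
            findings.append(("double-extension link or name", token))
    return findings

def sample(body, attachment=None):
    """Build a constructed test message; addresses and password are made up."""
    m = EmailMessage()
    m["Subject"] = "Anjelina Jolie Free Video"
    m["From"], m["To"] = "sender@example.test", "user@example.test"
    m.set_content(body)
    if attachment:
        m.add_attachment(b"placeholder bytes, not a real archive",
                         maintype="application", subtype="octet-stream",
                         filename=attachment)
    return m.as_bytes()

if __name__ == "__main__":
    print(scan(sample("Video attached. Password: 1234", "Angelina_Jolie.rar")))
    print(scan(sample("See http://example.test/video-nude-anjelina.avi.exe")))
```

The heuristic only inspects names and message text, so it does not depend on antivirus signatures and does not need to open the archive.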