

DrStrange
Technically feasible
Premium
join:2001-07-23
West Hartford, CT
kudos:1

Heads up, infected spam made it past virusblocker

Got two spams this morning which obviously contained malicious attachments. Looks like they're being sent to ELNK addresses using an alphabetical list, possibly harvested from a dictionary attack to find active personal websites.

The attachment looks like: [random number]transact_store.zip
I'm not sure what it's supposed to do. It scans clean at Virustotal.
I had a look at it with a hex reader and from what I saw and my limited knowledge of code, it might be a file encrypter of some sort.

My guess is it's similar to this threat:
»tools.cisco.com/security/center/···Id=32178

I'm sending it to Microsoft. Maybe they'll figure it out.


DrStrange

According to Microsoft, it's a worm, not an encryptor. It downloads malware and copies itself to removable drives. Apparently, it's a new variant that was flying under the radar.

»www.microsoft.com/security/porta···amarue.I

Virustotal says 11/48 as of 10AM EST.