Malicious email scam "Re: Scan from a Xerox W. Pro #XXXXXXX" returns with a new face

About 6 months ago, a malicious email scam with the subject "Re: Scan from a Xerox W. Pro #XXXXXXX" went wild. This scam has returned, this time with a new face! Instead of making you open a .zip attachment, as it did in the past, it now prompts you to click a download link. You know you shouldn't click this link, right?

The Websense® ThreatSeeker® Network has detected that the download URL in the link is indeed a malicious URL.

As shown in the screenshot below, there is an iframe in the payload. This iframe redirects the visitor to a malicious site that hosts the Blackhole exploit kit. Once the iframe is loaded, content from the Blackhole exploit kit site (which contains a heavily obfuscated script) is also loaded. After decoding the script, we can see that the actual code searches for vulnerable software on the victim's machine and uses a matching exploit. Successful exploitation executes shellcode that triggers the download and execution of malware.
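The hidden-iframe stage described above is the part of this chain that a mail gateway or web proxy can check for directly. The following is an added example, not Websense or ThreatSeeker code, that flags iframes sized or styled so the reader never sees them and returns their src URLs; the HTML and the hostnames in it are constructed for the demonstration.

```python
"""Flag hidden iframes in an HTML payload, the kind used to pull in an
exploit-kit landing page. Added example, not code from the original post."""
from html.parser import HTMLParser
import re

# Constructed sample resembling the scam's HTML payload (hostnames are fake).
SAMPLE_HTML = """<html><body>
<p>Please find the scanned document attached.</p>
<a href="http://example.invalid/scan.php">Download</a>
<iframe src="http://exploit-kit.example.invalid/main.php" width="1" height="1"
        style="visibility:hidden"></iframe>
<iframe src="http://partner.example.invalid/widget" width="300" height="200"></iframe>
</body></html>"""

# Dimensions that make a frame effectively invisible.
_TINY = {"0", "1", "0px", "1px"}

def _is_hidden(attrs):
    """True if the size or inline CSS make the frame invisible to the reader."""
    a = {k.lower(): (v or "").strip().lower() for k, v in attrs}
    if a.get("width") in _TINY or a.get("height") in _TINY:
        return True
    style = a.get("style", "")
    if re.search(r"display\s*:\s*none|visibility\s*:\s*hidden", style):
        return True
    # Off-screen placement such as position:absolute; left:-9999px
    if re.search(r"(left|top)\s*:\s*-\d{3,}", style):
        return True
    return False

class _IframeCollector(HTMLParser):
    """Collects the src of every iframe that _is_hidden() flags."""
    def __init__(self):
        super().__init__()
        self.hidden = []

    def handle_starttag(self, tag, attrs):
        if tag.lower() == "iframe" and _is_hidden(attrs):
            self.hidden.append(dict(attrs).get("src") or "")

def hidden_iframes(html):
    """Return the src URLs of iframes the reader would never see."""
    parser = _IframeCollector()
    parser.feed(html)
    return parser.hidden

if __name__ == "__main__":
    for url in hidden_iframes(SAMPLE_HTML):
        print("hidden iframe ->", url)
```

A hit does not prove the frame is malicious (some trackers use 1x1 frames too), so treat the output as a reason to look up the destination against URL reputation data rather than as a verdict by itself.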

The kit is now widespread and popular with attackers. It is offered as a software-as-a-service (SaaS) solution, where all a customer needs to do is rent the kit. Domain registration, site configuration, and setup are handled by the author group. Another very interesting aspect of this kit, which uniquely differentiates it from its competitors, is that it provides administration options for smart phones! Users do not need to install any application; it is simply a Web-based interface optimized for smart phones. Furthermore, the kit has an administration option to submit malware to underground antivirus scanners. This lets attackers tweak their malware samples until they are undetected before launching their attack live.

So far, the Websense® Triton® Hosted Security Message Center has detected more than 3,000 messages in this campaign.

Websense customers are protected against this attack by ACE, the Advanced Classification Engine.

Shi Linghang
