Date: 1 Apr 2014 14:25:39 GMT [10:25:39 EDT]
From: Kathryn Daley [Kathryn.Daley@rbs.com]
Subject: RE: Copy

(Copy-01042014)

The attachment is Copy-04012014.zip which in turn contains a malicious executable Copy-04012014.scr which has a VirusTotal detection rate of just 3/50.
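With so few antivirus engines detecting the file, a mail-gateway check on attachment structure (a ZIP whose members carry executable extensions such as .scr) does not depend on signatures. The following is an added example, not part of the original post; the function names and the extension list are assumptions, and the sample message is constructed with a harmless placeholder in place of the executable.

```python
import io
import os
import zipfile
from email import message_from_bytes
from email.message import EmailMessage

# Assumed policy list: extensions Windows launches as programs (.scr is a screensaver PE).
EXECUTABLE_EXTS = {".scr", ".exe", ".pif", ".com", ".bat", ".cmd"}


def risky_members(zip_bytes):
    """Return the archive members whose extension is on the executable list."""
    try:
        with zipfile.ZipFile(io.BytesIO(zip_bytes)) as zf:
            names = zf.namelist()
    except zipfile.BadZipFile:
        return []
    # Windows ignores trailing dots and spaces, so strip them before comparing.
    return [n for n in names
            if os.path.splitext(n.rstrip(". ").lower())[1] in EXECUTABLE_EXTS]


def scan_message(raw):
    """Map each ZIP attachment's filename to the executable members inside it."""
    findings = {}
    for part in message_from_bytes(raw).walk():
        filename = part.get_filename()
        payload = part.get_payload(decode=True)  # None for multipart containers
        # Identify ZIPs by magic bytes rather than the declared attachment name.
        if filename and payload and payload[:4] == b"PK\x03\x04":
            hits = risky_members(payload)
            if hits:
                findings[filename] = hits
    return findings


def build_sample():
    """Constructed message: same file names as the post, placeholder content."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("Copy-04012014.scr", b"constructed placeholder, not a PE file")
    msg = EmailMessage()
    msg["Subject"] = "RE: Copy"
    msg.set_content("(Copy-01042014)")
    msg.add_attachment(buf.getvalue(), maintype="application", subtype="zip",
                       filename="Copy-04012014.zip")
    return msg.as_bytes()


if __name__ == "__main__":
    print(scan_message(build_sample()))
```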
The Malwr analysis shows that it has the characteristics of P2P/Gameover Zeus and it makes several network connections, starting with a download of a configuration file from: [donotclick]photovolt.ro/script/0104UKd.bis
The malware then tries to contact a number of other domains. I recommend using the following blocklist: