From: FaxThe link is so obviously not anything to do with Google. Clicking on it loads another script from triera.biz.ua/twndcrfbru/zjliqkgppi.js which in turn downloads a ZIP file from www.yerelyonetisim.org.tr/pdf/Message_2864_pdf.zip which has a VirusTotal detection rate of 3/55.
Date: 16 September 2014 11:05
Subject: You've received a new fax
New fax at SCAN0204102 from EPSON by https://victimdomain
Scan date: Tue, 16 Sep 2014 15:35:59 +0530
Number of pages: 2
Resolution: 400x400 DPI
You can download your fax message at:
http://ngujungwap.mobi.ps/sgfyzdptdc/gotmvoeqkk.html
(Google Disk Drive is a file hosting service operated by Google, Inc.)
This malware then phones home to the following locations, according to this ThreatTrack report:
188.165.204.210/1609uk4/NODE01/0/51-SP3/0/
188.165.204.210/1609uk4/NODE01/1/0/0/
188.165.204.210/1609uk4/NODE01/41/5/4/
brisamarcalcados.com.br/css/1609uk4.lim
Recommended blocklist:
188.165.204.210
brisamarcalcados.com.br
triera.biz.ua
yerelyonetisim.org.tr
ngujungwap.mobi.ps
No comments:
Post a Comment