Comments on Dynamoo's Blog: "Federal Tax transfer rejected" malware
(comment feed, last updated 2024-02-23; 14 comments, newest first)

AGC (2012-08-23 14:30 +01:00):
If you've clicked the link in this email, will Norton Antivirus catch this? Or what do you do now?

Conrad Longmore (2012-08-15 09:41 +01:00):
@Enrique Von - I think it impacts Windows only. However, you should make sure that all your Mac software is up to date to prevent any future malware threats.

Anonymous (2012-08-14 15:49 +01:00):
Pufff... I wish I had read all this... Woke up really early and pressed the link... Does this malware affect Apple computers?

Random123 (2011-11-18 17:04 +00:00):
Hi Folks,

Just received another variant and thought I should share on this august forum.

From: Beverly_Shepard@irs.gov

Sent: Friday, November 18, 2011 6:19 AM

Subject: Federal Tax transaction canceled

Your Tax payment (ID:

Anonymous (2011-09-28 22:42 +01:00):
What I found strange with this infection was the fact that some Yahoo DNS was being used... I think there may be something larger here that is still going undetected... Maybe DNS poisoning or a DNS hijack causing this malware to be passed in personal email, as well as some enterprise emails.

Conrad Longmore (2011-09-28 22:39 +01:00):
truruhfhqnviaosdpruejeslsuy.cx.cc is on 46.16.233.108. This is the same domain and IP used for the recent mysql.com hack (http://blogs.paretologic.com/malwarediaries/index.php/2011/09/26/mysql-com-hacked-serves-malware/).

Anonymous (2011-09-28 21:49 +01:00):
I actually mitigated the issue worldwide. I captured the malware in progress, and sent it in to IC3 and VirusTotal. VT is what many virus scanning engines pull signatures from. I have discovered the name of the virus:
AUTH-W32/Trojan3.CYH
It is an IFrame poisoning.
Last night, I set up a CPU+GPU DDoS on the server and took it down.
The IP was this:
static-213.50.123.38.

Charlie Gosh (2011-09-28 19:03 +01:00):
The fact that these creeps continue to deliver these emails just proves that they can't be stopped, or that nobody cares to stop them. This system is seriously broken.

I got mine on Sept. 28 in my spam honeypot at mailinator.com

Envelope info:

Received: from [95.197.245.10] (helo=izdawq.mdysoyapaqznhao.ua)
 by segment-119-226.sify.net with esmtpa (

Conrad Longmore (2011-09-28 08:26 +01:00):
@JonnyF5ve Thanks.. I amended the post to make it clearer :) Do you have any technical details such as the URL or IPs to block, or an infection report?

Anonymous (2011-09-27 21:48 +01:00):
Well... There is a new form that broke out today. That is why I am posting. It does the same thing.. Errors out.. But it DOES inject a payload. I captured it within Sandboxie.... So chances are, those who thought it "didn't work" are infected.

Conrad Longmore (2011-09-27 21:40 +01:00):
@JonnyF5ve.. this sample is a few months old. I'm guessing that they've got the exploit working now :)

Anonymous (2011-09-27 21:25 +01:00):
This ACTUALLY does INSTALL malware. It makes you THINK it does not. It is an IFrame vulnerability used to inject a keylogger and backdoor. Usually only targeted at certain domains. Also sent out via a Yahoo DNS hijack.

Anonymous (2011-09-27 21:24 +01:00):
Actually... No, it did NOT fail to open... That is the coded response... It makes you THINK nothing happened. It is an IFrame vulnerability that injects the payload silently...

Unknown (2011-06-21 15:36 +01:00):
I also just received that same email. It too failed to open. SMH!