Hong Kong E-Card Trojan
Last week, it was a fake Father's Day email. Today I received an e-card invitation from a Hong Kong email address - Subject: You've received a postcard from a family member.
Now, several friends of mine live in Hong Kong, including Phil Braden, Authentium's co-founder, who recently went back to live in Hong Kong after ten years. But I'm not aware of any "family member" that would make use of a Japanese email address (xxxxx@echna.ne.jp) cloaked in a Hong Kong email address.
Maybe it's payback for the post last week on HK-based phishing toolkits.
According to Patrick Knight of our malware research labs, the link in the email does not lead to a greeting card (no surprise there) but instead leads to a payload, which, when downloaded, does a UDP scan of random IP addresses. Hmmm - sounds like the same guys.
Patrick will post further analysis on this Trojan when it comes to hand, but in the meantime, if you get an invite to download a greeting card or e-card, be careful.