Saturday, 30 March 2013
New website
Well, it's been a while since I've updated the blog, so I thought I'd better do so.
To start with, the new website is live, on the sanesecurity.com domain at the moment.
More new stuff coming shortly....
Thursday, 19 May 2011
fake dhl email using pif
Another round of fake DHL emails... but this time... it's got a PIF attachment, instead of the
normal zipped exe variety.
Here's the email....

Submitted to Threatexpert:
http://www.threatexpert.com/report.aspx?md5=8b7c994f4d5b0b5e35216bd68d87edb3
Submitted to VirusTotal (7/43)
http://www.virustotal.com/file-scan/report.html?id=2936d561853db9119ac2d5e7120f80d4e8ed39fa191365b5d8be83cfa4f95343-1305796256
It seems to be interested in the following banks:
http://eureka.cyber-ta.org/OUTPUT/8b7c994f4d5b0b5e35216bd68d87edb3/dns.txt
Detected as:
Sanesecurity.Rogue.2050 and Sanesecurity.Malware.16418
Cheers,
Steve
Sanesecurity
Wednesday, 30 March 2011
strange facebook emails
Received this interesting and very simple email today...

From the source code you can see that the link doesn't go to Facebook...

... Instead, it takes you to a forum... which has been hacked (which you can see when you look at the source code)

The forum then redirects you, via a 302 redirect... to another site (seen with HttpFox)

The final site you end up on... is a fake anti-virus site, which is generally a pain to remove :(
Checking the actual fake anti-virus site (in bold) with urlvoid.com...

You can see that out of 21 URL checkers... they all come up clean....
It's not nice out there.... but Sanesecurity.Malware.15890 and Sanesecurity.Malware.15891 are currently blocking these emails.
Cheers,
Steve
Sanesecurity
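The trick in the email above is that the link text says one thing while the href points somewhere else. The following is an added example (not code from the Sanesecurity blog) that pulls every anchor out of an HTML mail body and reports those whose visible text names a different site than the href. The HTML, the forum host and the Facebook-looking link text are constructed stand-ins, not the real hosts from the post; the "last two labels" host comparison is a deliberate simplification that ignores public suffixes such as co.uk.

```python
"""Flag HTML-mail links whose visible text claims a different site than the href.

Added example for the "strange facebook emails" post. All sample HTML below is
constructed; the hosts are placeholders, not the ones seen in the real run.
"""
from html.parser import HTMLParser
from urllib.parse import urlparse


class LinkCollector(HTMLParser):
    """Collect (href, visible text) pairs for every <a> in the document."""

    def __init__(self):
        super().__init__()
        self.links = []
        self._href = None
        self._text = []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href = dict(attrs).get("href", "") or ""
            self._text = []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None


def registrable_host(url: str) -> str:
    """Reduce a URL or bare hostname to its last two labels.

    Simplification (assumption): this treats 'www.facebook.com' and
    'facebook.com' as the same site but mishandles suffixes like 'co.uk'.
    A production check would use the Public Suffix List instead.
    """
    if "://" not in url:
        url = "http://" + url
    host = (urlparse(url).hostname or "").lower()
    parts = host.split(".")
    return ".".join(parts[-2:]) if len(parts) >= 2 else host


def mismatched_links(html: str):
    """Return (shown_text, href) for anchors whose text looks like a URL or
    hostname but resolves to a different site than the href."""
    parser = LinkCollector()
    parser.feed(html)
    parser.close()
    out = []
    for href, text in parser.links:
        # Only judge link text that itself reads like an address; "Click here"
        # carries no claim about where it goes.
        if "." not in text or " " in text:
            continue
        if registrable_host(text) != registrable_host(href):
            out.append((text, href))
    return out


# Constructed sample: one deceptive link, one honest link, one neutral link.
SAMPLE_HTML = """
<p>You have a new message on Facebook.</p>
<p><a href="http://forum.example.net/index.php?topic=42">http://www.facebook.com/n/?mid=1234</a></p>
<p>Thanks, <a href="http://www.facebook.com/">www.facebook.com</a></p>
<p><a href="http://forum.example.net/about">Click here</a> to unsubscribe.</p>
"""

if __name__ == "__main__":
    for shown, real in mismatched_links(SAMPLE_HTML):
        print(f"shown as {shown!r} but goes to {real!r}")
```

Run against a real message, feed it the decoded text/html part; the redirect hop to the fake anti-virus site is not visible in the mail body itself, so this check only catches the first lie, which is the one the user sees.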
Tuesday, 14 September 2010
birth certificate malware
Thursday, 26 August 2010
New FedEx malware run... Zbot
Been a while since I've posted here, so thought it was about time...
A new malware run *just* came in... with a nice jpg and a not-so-nice exe in a zip file...

Submitted the exe to VirusTotal and the detection isn't great...

Already being detected as: Sanesecurity.Malware.14529.UNOFFICIAL
Cheers,
Steve
Sanesecurity
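Both the DHL run (a bare .pif) and this FedEx run (an .exe alongside a jpg inside a zip) rely on the mail gateway not looking at what the attachment really is. The following is an added example (not code from the Sanesecurity blog) of the two checks a gateway should make: flag extensions Windows executes on double-click, and flag anything that starts with the DOS "MZ" header whether or not its name says so, descending into zips to do it. The two messages are constructed stand-ins built in the script; the attachment names and payload bytes are placeholders, not the real samples.

```python
"""Flag executable mail attachments by extension and by PE magic, inside zips too.

Added example for the DHL (.pif) and FedEx (zipped .exe) posts. Both messages
below are constructed; nothing here is the real malware.
"""
import email
import io
import zipfile
from email import policy
from email.message import EmailMessage

# Extensions Windows runs directly when double-clicked. A .pif is executed as a
# normal PE when it carries one, which is why the DHL sample used it.
EXEC_EXTENSIONS = {".exe", ".pif", ".scr", ".com", ".bat", ".cmd", ".vbs", ".js", ".lnk"}
MZ_MAGIC = b"MZ"          # DOS stub header every PE image begins with
ZIP_MAGIC = b"PK\x03\x04"  # local file header at the start of a zip


def ext_of(name: str) -> str:
    name = name.lower()
    return name[name.rfind("."):] if "." in name else ""


def inspect_bytes(name: str, data: bytes, findings: list, container: str = None):
    """Append (label, reason) tuples for anything executable in `data`."""
    label = f"{container}!{name}" if container else name
    ext = ext_of(name)
    if ext in EXEC_EXTENSIONS:
        findings.append((label, f"executable extension {ext}"))
    if data[:2] == MZ_MAGIC:
        findings.append((label, "PE header (MZ) regardless of extension"))
    if ext == ".zip" or data[:4] == ZIP_MAGIC:
        try:
            with zipfile.ZipFile(io.BytesIO(data)) as zf:
                for info in zf.infolist():
                    if not info.is_dir():
                        inspect_bytes(info.filename, zf.read(info), findings, container=label)
        except zipfile.BadZipFile:
            findings.append((label, "zip extension but not a valid zip"))


def inspect_message(raw: bytes):
    """Walk a raw RFC 5322 message and return findings for all attachments."""
    msg = email.message_from_bytes(raw, policy=policy.default)
    findings = []
    for part in msg.iter_attachments():
        inspect_bytes(part.get_filename() or "(unnamed)", part.get_payload(decode=True), findings)
    return findings


def _message(subject: str, body: str, attachments):
    msg = EmailMessage()
    msg["From"] = "noreply@example.invalid"   # placeholder sender
    msg["Subject"] = subject
    msg.set_content(body)
    for filename, data in attachments:
        msg.add_attachment(data, maintype="application", subtype="octet-stream", filename=filename)
    return msg.as_bytes()


# Constructed stand-in for the DHL run: a .pif that is really a PE.
DHL_SAMPLE = _message("DHL delivery failure", "See attached label.",
                      [("DHL_Label.pif", MZ_MAGIC + b"\x90" * 62)])

# Constructed stand-in for the FedEx run: a zip with a harmless jpg and an exe.
_zip = io.BytesIO()
with zipfile.ZipFile(_zip, "w") as _zf:
    _zf.writestr("tracking.jpg", b"\xff\xd8\xff\xe0" + b"\x00" * 16)
    _zf.writestr("FedEx_Invoice.exe", MZ_MAGIC + b"\x90" * 62)
FEDEX_SAMPLE = _message("FedEx tracking number", "Invoice attached.",
                        [("FedEx_Invoice.zip", _zip.getvalue())])

if __name__ == "__main__":
    for sample in (DHL_SAMPLE, FEDEX_SAMPLE):
        for label, reason in inspect_message(sample):
            print(f"{label}: {reason}")
```

The MZ check is the one that matters: renaming the attachment to .pif, .scr or a made-up extension changes the first test but not the second, and the zip recursion is what stops "it's only a jpg" from holding up when the archive listing is not read.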
Tuesday, 27 October 2009
Fake Facebook Password Reset Confirmation
Hi,
Had loads of these hit the inbox this morning....

Virus Total:
| Antivirus | Version | Last Update | Result |
|---|---|---|---|
| a-squared | 4.5.0.41 | 2009.10.27 | - |
| AhnLab-V3 | 5.0.0.2 | 2009.10.26 | - |
| AntiVir | 7.9.1.44 | 2009.10.26 | - |
| Antiy-AVL | 2.0.3.7 | 2009.10.26 | - |
| Authentium | 5.1.2.4 | 2009.10.27 | W32/Bredolab!Generic |
| Avast | 4.8.1351.0 | 2009.10.26 | - |
| AVG | 8.5.0.423 | 2009.10.26 | Win32/Heur |
| BitDefender | 7.2 | 2009.10.27 | Trojan.Downloader.Bredolab.AZ |
| CAT-QuickHeal | 10.00 | 2009.10.27 | - |
| ClamAV | 0.94.1 | 2009.10.27 | - |
| Comodo | 2744 | 2009.10.27 | Heur.Packed.Unknown |
| DrWeb | 5.0.0.12182 | 2009.10.27 | - |
| eSafe | 7.0.17.0 | 2009.10.25 | Suspicious File |
| eTrust-Vet | 35.1.7084 | 2009.10.26 | - |
| F-Prot | 4.5.1.85 | 2009.10.26 | - |
| F-Secure | 9.0.15370.0 | 2009.10.22 | Trojan.Downloader.Bredolab.AZ |
| Fortinet | 3.120.0.0 | 2009.10.26 | - |
| GData | 19 | 2009.10.27 | Trojan.Downloader.Bredolab.AZ |
| Ikarus | T3.1.1.72.0 | 2009.10.27 | - |
| Jiangmin | 11.0.800 | 2009.10.26 | - |
| K7AntiVirus | 7.10.879 | 2009.10.24 | - |
| Kaspersky | 7.0.0.125 | 2009.10.27 | Packed.Win32.Krap.w |
| McAfee | 5783 | 2009.10.26 | Bredolab.gen.a |
| McAfee+Artemis | 5783 | 2009.10.26 | Bredolab.gen.a |
| McAfee-GW-Edition | 6.8.5 | 2009.10.27 | - |
| Microsoft | 1.5202 | 2009.10.27 | TrojanDownloader:Win32/Bredolab.X |
| NOD32 | 4545 | 2009.10.26 | - |
| Norman | 6.03.02 | 2009.10.26 | W32/Obfuscated.D2!genr |
| nProtect | 2009.1.8.0 | 2009.10.26 | - |
| Panda | 10.0.2.2 | 2009.10.26 | - |
| PCTools | 4.4.2.0 | 2009.10.19 | - |
| Prevx | 3.0 | 2009.10.27 | - |
| Rising | 21.53.10.00 | 2009.10.27 | - |
| Sophos | 4.46.0 | 2009.10.27 | Mal/Bredo-A |
| Sunbelt | 3.2.1858.2 | 2009.10.26 | Trojan.Win32.Bredolab.Gen.1 (v) |
| Symantec | 1.4.4.12 | 2009.10.27 | - |
| TheHacker | 6.5.0.2.054 | 2009.10.26 | - |
| TrendMicro | 8.950.0.1094 | 2009.10.27 | TROJ_BREDLAB.SMF |
| VBA32 | 3.12.10.11 | 2009.10.26 | - |
| ViRobot | 2009.10.27.2006 | 2009.10.27 | - |
| VirusBuster | 4.6.5.0 | 2009.10.26 | - |
Detected as:
Sanesecurity.Malware.12841
Sanesecurity.Malware.12842
Wednesday, 26 August 2009
Spammer Fail