So, perhaps this is a related attack.
It starts with a greeting card:
If you've not got Javascript enabled, you'll see this screen, where the file it wan't you do download is on a .hk server and the exe is called fun.exe:
Looking deeper at the code, it's doing something iffy:
If you do click on the link, you are served an exe file, which when submitted to VirusTotal gives you this result:
Again, coverage not too hot :(
Currently detected as: Email.Malware.Sanesecurity.07061701
No comments:
Post a Comment