Monday, 18 June 2007

Greeting Card: fun.exe

ISC has an interesting article on an attack involving .hk domains.

So, perhaps this is a related attack.

It starts with a greeting card:
















If you've not got JavaScript enabled, you'll see this screen, where the file it wants you to download is on a .hk server and the exe is called fun.exe:






Looking deeper at the code, it's doing something iffy:








If you do click on the link, you are served an exe file, which when submitted to VirusTotal gives you this result:













Again, coverage not too hot :(

Currently detected as: Email.Malware.Sanesecurity.07061701
