Thursday, 19 May 2011

Fake DHL email using PIF

Another round of fake DHL emails, but this time it's got a PIF attachment instead of the
normal zipped exe variety.

Here's the email....

Submitted to ThreatExpert:
http://www.threatexpert.com/report.aspx?md5=8b7c994f4d5b0b5e35216bd68d87edb3

Submitted to VirusTotal (7/43):
http://www.virustotal.com/file-scan/report.html?id=2936d561853db9119ac2d5e7120f80d4e8ed39fa191365b5d8be83cfa4f95343-1305796256

It seems to be interested in the following banks:
http://eureka.cyber-ta.org/OUTPUT/8b7c994f4d5b0b5e35216bd68d87edb3/dns.txt

Detected as:

Sanesecurity.Rogue.2050 and Sanesecurity.Malware.16418

Cheers,

Steve
Sanesecurity
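
A mail-gateway style check for the two delivery styles mentioned above (a bare PIF attachment and the zipped exe variety), as an added example that is not part of the original post or any Sanesecurity signature. The function names, extension list and sample message are assumptions constructed for illustration; the check flags attachments by extension and by the `MZ` header, so a renamed executable is still caught.

```python
import email, io, zipfile
from email import message, policy

# Extensions Windows runs as programs; a .pif is launched like an .exe.
RISKY_EXTS = (".pif", ".exe", ".scr", ".com", ".bat", ".cmd")

def looks_executable(name, head):
    """Reasons a file looks executable (name normalised as Windows would)."""
    reasons = []
    if name.strip().rstrip(". ").lower().endswith(RISKY_EXTS):
        reasons.append("risky extension")
    if head[:2] == b"MZ":  # DOS/PE header, whatever the file is called
        reasons.append("MZ header")
    return reasons

def flag_attachments(raw):
    """Map attachment name -> reasons, also checking members of zip files."""
    msg = email.message_from_bytes(raw, policy=policy.default)
    findings = {}
    for part in msg.walk():
        name = part.get_filename()
        if not name:
            continue  # body text or multipart container
        data = part.get_payload(decode=True) or b""
        reasons = looks_executable(name, data)
        if data[:2] == b"PK":
            try:
                with zipfile.ZipFile(io.BytesIO(data)) as zf:
                    for info in (i for i in zf.infolist() if not i.is_dir()):
                        with zf.open(info) as fh:  # read 2 bytes, not the member
                            hits = looks_executable(info.filename, fh.read(2))
                        reasons += [f"{info.filename}: {h}" for h in hits]
            except (zipfile.BadZipFile, RuntimeError):  # corrupt or encrypted
                reasons.append("unreadable zip")
        if reasons:
            findings[name] = reasons
    return findings

def build_sample():
    """Constructed message: harmless 'MZ' stubs as a .pif and inside a zip."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("label.exe", b"MZ" + b"\x00" * 62)
    m = message.EmailMessage()
    m["Subject"] = "Constructed sample"
    m.set_content("Constructed body text.")
    for fname, blob in (("label.doc.pif", b"MZ" + b"\x00" * 62),
                        ("label.zip", buf.getvalue()), ("invoice.pdf", b"%PDF-1.4")):
        m.add_attachment(blob, maintype="application", subtype="octet-stream", filename=fname)
    return m.as_bytes()
```

Calling `flag_attachments(build_sample())` reports the `.pif` and the zip containing `label.exe`, and leaves the PDF alone.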