Thursday, 19 May 2011

Fake DHL email using PIF

Another round of fake DHL emails... but this time... it's got a PIF attachment, instead of the normal zipped exe variety.

Here's the email....

Submitted to ThreatExpert:

Submitted to VirusTotal (7/43)

It seems to be interested in the following banks:

Detected as:

Sanesecurity.Rogue.2050 and Sanesecurity.Malware.16418



Wednesday, 30 March 2011

Strange Facebook emails

Received this interesting and very simple email today...

From the source code you can see that the link doesn't go to Facebook...

... Instead, it takes you to a forum... which has been hacked (which you can see when you look into the source code)

The forum then redirects you, via a 302 redirect... to another site (seen with HttpFox)

The final site you end up with... is a fake anti-virus site; these are generally a pain to remove :(

Checking the actual fake anti-virus site (in bold) with

You can see that out of 21 URL checkers... they all come up clean....

It's not nice out there.... but Sanesecurity.Malware.15890 and Sanesecurity.Malware.15891 are currently blocking these emails.
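The mismatch described above, where the link text says Facebook but the href goes elsewhere, can be checked automatically. This is an added example, not code from the original post or from the Sanesecurity signatures; the function names, the `brands` list and the sample hosts are assumptions made for illustration.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urlparse

# Hostname-looking token at the start of the text, after "//" or after whitespace
HOST_RE = re.compile(r"(?:^|//|\s)((?:[a-z0-9-]+\.)+[a-z]{2,})", re.I)

class LinkCollector(HTMLParser):
    """Collect (visible text, href) for every <a> element in an HTML body."""
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href") or "", []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append(("".join(self._text).strip(), self._href))
            self._href = None

def base_domain(host):
    """Crude last-two-labels form; a production check would use the Public Suffix List."""
    return ".".join(host.lower().rstrip(".").split(".")[-2:])

def mismatched_links(html, brands=("facebook.com",)):
    """Return links whose visible text claims a domain or brand the href does not reach."""
    collector = LinkCollector()
    collector.feed(html)
    findings = []
    for text, href in collector.links:
        dest = base_domain(urlparse(href).hostname or "")
        claimed = {base_domain(h) for h in HOST_RE.findall(text)}
        claimed |= {b for b in brands if b.split(".")[0] in text.lower()}
        if claimed and dest not in claimed:
            findings.append((text, href))
    return findings

# Constructed sample body (hosts are placeholders, not the ones from the real email)
SAMPLE = (
    '<p>You have 1 new message.</p>'
    '<a href="http://forum.example.net/viewtopic.php?t=1">http://www.facebook.com/home.php</a> '
    '<a href="http://www.facebook.com/help/">Facebook Help</a>'
)
```

Because the check compares only what the message itself claims against where the link points, it does not depend on URL reputation, which matters when the checkers all report the destination as clean.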