CastleCops® Spam Mail

Need help? Click here to register for free! Absolutely zero advertisements on this site!

	Donation/Premium

	Donations. Become Premium Today!

	Security Central

	· Home · PIRT/Fried Phish · MIRT · SIRT · Deutsch · Wiki · Newsletter · O16/ActiveX · CLSID List · Contest2007 · Downloads · Feedback (send) · Forums · HijackThis · Hijacktrend · LSPs · My Downloads · O18 · O20 · O21 · O22 · O23 · O9 · Premium · Private Messages · Proxomitron · Reviews · Search · StartupList · Stories Archive · Submit News · WsIRT · Your Account · Acceptable Use Policy

Forum FAQ

Usergroups

Profile

Select FavForums

Spam Mail

All -> FavForums -> Web Malware Links

[del.icio.us!] [digg it!] [reddit!]

View previous topic :: View next topic

Author

Message

Simon_V

1st Responder

Joined: Sep 09, 2007
Posts: 8
Location: Belgium

Posted: Wed Jan 02, 2008 10:01 pm Post subject: Spam Mail

My father got infected by this Rolling Eyes , came from a Spanish spam mail:

Code:

http://www.rcvswing.org.uk/os/anmd/abre_charges.php?Ok3mGHfxc5iPU1y=<e-mail address removeed>%0d%0aY_tip=Ok3mGHfxc5iPU1y

The file will download C:\WINDOWS\Media\LTaskup.exe, this can be seen in a HijackThis log:

O4 - HKLM\..\Run: [wTask] C:\WINDOWS\Media\LTaskup.exe

This results in the spamming of the mail to all contacts in Outlook Express.

Mod Edit: I removed the e-mail address from the url to stop spammers from getting hold of it.

_________________
So How Did I Get Infected In The First Place?
Stand Up and Be Counted!

brewt

SIRT Handler
Premium Member

Joined: May 29, 2007
Posts: 792
Location: USA

Posted: Thu Jan 03, 2008 6:10 am Post subject:

MD5: c011d2184c25b4e7f62be39b42496409
Date: 01.03.2008 04:01:34 (CET) [<1D]
Results: 10/32
Permalink: analisis/32480998bc067a81eb0cece6e0933e6d
loads via

Code:

http://platinum-bucks.net/members/left_files/anmg/foto07_euevc.jpg | ( Tipo - Imagem JPEG ) .sCR

see this thread for file sample

tetak

MIRT Team Lead
Premium Member

Joined: Jan 19, 2007
Posts: 5878

Posted: Fri Jan 04, 2008 8:07 pm Post subject:

The file has been added to the malware listserv. /t212146-MD5_c011d2184c25b4e7f62be39b42496409.html I've also edited the URL posted because it contains an e-mail address. _________________ Got Windows XP? Help protect your PC from malware with Microsofts anti-spyware program Windows Defender. Download it for free from http://www.microsoft.com/athome/security/spyware/software/default.mspx

Simon_V

1st Responder

Joined: Sep 09, 2007
Posts: 8
Location: Belgium

Posted: Fri Jan 04, 2008 8:16 pm Post subject:

Hi tetak and thanks! I'm still seeing the email address in the link in my initial post though, could you kindly edit that one? Hadn't seen it when I posted this and can't edit it anymore. _________________ So How Did I Get Infected In The First Place? Stand Up and Be Counted!

tetak

MIRT Team Lead
Premium Member

Joined: Jan 19, 2007
Posts: 5878

Posted: Fri Jan 04, 2008 8:57 pm Post subject:

Done. _________________ Got Windows XP? Help protect your PC from malware with Microsofts anti-spyware program Windows Defender. Download it for free from http://www.microsoft.com/athome/security/spyware/software/default.mspx

	All -> FavForums -> Web Malware Links	All times are GMT
Page 1 of 1

You can post new topics in this forum
You can reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
You can attach files in this forum
You cannot download files in this forum


	2002-2008 � Computer Cops LLC dba CastleCops®. All rights reserved. Acceptable Use Policy. Use signifies your agreement. 114ppm 0.197s (0.037s) Making cybercriminals unhappy since 2002*