Trojan “Oficla” pushes Rogueware “Antimalware Doctor”

We have analyzed a suspicious email in our security lab. The email has an attachment: a zip archive which contains a Trojan Oficla variant. This Trojan has a Microsoft Word file icon. Upon execution it downloads the script file below. https://ilovelasvegas.ru/web/St/bb.php?v=200&id=881716830&b=23avgust&tm=72 The script contains the string shown below: “[info]runurl:https://91.204.48.46/kasuli.exe|taskid:39|delay:15|upd:0|backurls:[/info]” […]

Online Form Site Builder usage

The phishing community has discovered a new way to collect information from victims. They are now using an Online Form Site Builder service to create forms and collect victims’ data. We received a mail targeting ICICI Bank users, which contained an HTML file as an attachment. The subject line of the mail is “Exclusive Privacy Option […]

‘Here you have’ virus hits some major companies in the US.

On Thursday we observed a new worm that started to spread over the Internet by emailing the address books of infected PCs. The email has the subject line “Here you have” or “Just for you” and contains a link to a file which seems to be a PDF file. The email when received in inbox looks […]

Zero Day critical vulnerability in Adobe Reader and Acrobat Reader

A critical vulnerability (CVE-2010-2883) exists in Adobe Reader 9.3.4 and earlier versions for Windows, Macintosh and Unix and Adobe Acrobat 9.3.4 and earlier versions for Windows and Macintosh. This vulnerability could cause a crash and potentially allow an attacker to take control of the affected system. Currently we have not come across such a sample but […]

Visa bill pay scam

Yesterday I received a mail regarding “Payment Processed by Visa Bill Pay” as below… If one opens this file, a Trojan gets installed on the system in the application data folder. This Trojan connects to the domain below, and it may further lead to fake antivirus scams, malicious redirects, viruses, trojans, rogue installers, key loggers, droppers, browser […]

United Parcel Service (UPS) Tracking scam email

We are seeing a rise in scam emails posing as tracking notifications from the US-based delivery company United Parcel Service. The mail pretends to be from UPS and has the subject line “Delivery problem”. It notifies the user… We failed to deliver postal package sent on so on date… in time because the recipient’s address is wrong. […]

Lottery Winning Notification Scam

Today I received a scam mail, as below, related to some lottery which I won; this one I never bought… Lottery scam letters are sent out by the thousands every day. There are only two things the bad guys want: your money and your identity. ******************************************* from GRAHAM SMITH to date Thu, Aug 26, 2010 at […]

Microsoft confirms remote code-execution bug

This is a continuation of my blog post from yesterday. Microsoft’s advisory has confirmed that the attacks exploit a weakness in the way programs load associated libraries. The binary files can be located in a variety of directories, including those on networks controlled by a malicious hacker. According to Microsoft, the vulnerability exists in Windows applications made […]

Windows applications affected by remote code-execution bug

About 200 Windows applications are vulnerable to remote code-execution attacks that exploit a bug in the way the programs load binary files on Windows OS (at least XP, Vista and Windows 7). According to Mitja Kolsek, CEO of Acros Security, the critical vulnerability, which has already been patched in Apple’s iTunes media player for Windows […]

DHL delivery update

The “DHL delivery” related mails carrying variants of Trojan.Bredolab, Trojan.Oficla and many others are still on our radar. Current emails come from spoofed addresses like:
- DHL Parcel Support
- DHL Tracing Support
- DHL Manager Elsa Addison
- DHL Manager Magdalena Lindsey
- DHL Delivery Services

having common subjects:
- DHL Tracking number 844018042457
- DHL Tracking NR 3119547460
- DHL […]