{"id":72623,"date":"2011-04-26T12:18:40","date_gmt":"2011-04-26T12:18:40","guid":{"rendered":"https:\/\/localhost\/wordpress\/?p=72623"},"modified":"2011-04-26T12:18:40","modified_gmt":"2011-04-26T12:18:40","slug":"malware-spammed-out-as-facefacebook-support","status":"publish","type":"post","link":"https:\/\/www.quickheal.com\/blogs\/malware-spammed-out-as-facefacebook-support\/","title":{"rendered":"Malware spammed out as “FaceFacebook Support”."},"content":{"rendered":"

Another Facebook spam mail pretending that your password is not safe, currently circulating on Internet.
\nThe subject is: FaceFacebook Support. Personal data has been changed!ID55733.
\nThe email comes with an attachment called New_Password_IN33494.zip.<\/p>\n

\"\"<\/p>\n

The zip file (New_Password_IN33494.zip) contain New_Password.exe file, Quick Heal detects this file as a “Trojan.Menti.gen”.
\nNew_Password.exe tries to fool the victim as it seems a Microsoft Word Document. You should never trust a file by its icon, always pay attention to the file extension. Also make sure that Windows Explorer is set to show file extensions option.<\/p>\n

\"\"<\/p>\n

On execution New_Password.exe writes into the memory space of svchost.exe, deletes itself and downloads a file called document.doc from the domain profmiale. ru which is then saved to the desktop.This file conatins a username and password.<\/p>\n

\"\"<\/p>\n

While the victim is looking at these new login credentials, another binary is get downloaded from profmiale. ru and saved to the %temp% folder as 1.tmp. Once 1.tmp is executed, the computer immediately reboots.<\/p>\n

Files:
\n%userprofile%Desktopdocument.doc
\n%userprofile%Local SettingsTemp1.tmp<\/p>\n

Thanks Mahesh Mane for the detail Analysis.<\/p>\n

 <\/p>\n","protected":false},"excerpt":{"rendered":"

Another Facebook spam mail pretending that your password is not safe, currently circulating on Internet. The subject is: FaceFacebook Support. Personal data has been changed!ID55733. The email comes with an attachment called New_Password_IN33494.zip. The zip file (New_Password_IN33494.zip) contain New_Password.exe file, Quick Heal detects this file as a “Trojan.Menti.gen”. New_Password.exe tries to fool the victim as […]<\/p>\n","protected":false},"author":22,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[1],"tags":[],"class_list":["post-72623","post","type-post","status-publish","format-standard","hentry","category-uncategorized"],"aioseo_notices":[],"_links":{"self":[{"href":"https:\/\/www.quickheal.com\/blogs\/wp-json\/wp\/v2\/posts\/72623"}],"collection":[{"href":"https:\/\/www.quickheal.com\/blogs\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.quickheal.com\/blogs\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.quickheal.com\/blogs\/wp-json\/wp\/v2\/users\/22"}],"replies":[{"embeddable":true,"href":"https:\/\/www.quickheal.com\/blogs\/wp-json\/wp\/v2\/comments?post=72623"}],"version-history":[{"count":0,"href":"https:\/\/www.quickheal.com\/blogs\/wp-json\/wp\/v2\/posts\/72623\/revisions"}],"wp:attachment":[{"href":"https:\/\/www.quickheal.com\/blogs\/wp-json\/wp\/v2\/media?parent=72623"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.quickheal.com\/blogs\/wp-json\/wp\/v2\/categories?post=72623"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.quickheal.com\/blogs\/wp-json\/wp\/v2\/tags?post=72623"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}