{"id":72744,"date":"2010-10-27T06:35:37","date_gmt":"2010-10-27T06:35:37","guid":{"rendered":"https:\/\/localhost\/wordpress\/?p=72744"},"modified":"2010-10-27T06:35:37","modified_gmt":"2010-10-27T06:35:37","slug":"united-states-postal-email-spreads-rogueware","status":"publish","type":"post","link":"https:\/\/www.quickheal.com\/blogs\/united-states-postal-email-spreads-rogueware\/","title":{"rendered":"United States Postal Email Spreads Rogueware"},"content":{"rendered":"<p>This spam email appears to come from the United States Postal Service. A user may receive an email like the one shown below.<br \/>\n<img loading=\"lazy\" decoding=\"async\" src=\"https:\/\/blogs.quickheal.com\/wp-content\/uploads\/archive\/2_upsblog.JPG\" alt=\"\" width=\"474\" height=\"552\" \/><\/p>\n<p>The email carries a malicious file as an attachment in zip format. The file uses a Microsoft xls file icon.<\/p>\n<p><img loading=\"lazy\" decoding=\"async\" src=\"https:\/\/blogs.quickheal.com\/wp-content\/uploads\/archive\/1_upsblog.serendipityThumb.JPG\" alt=\"\" width=\"96\" height=\"110\" \/><\/p>\n<p>If the user runs the file, it makes the HTTP request below:<\/p>\n<p>https:\/\/webauc.ru\/mydog\/bb.php<\/p>\n<p>This script contains additional URLs, from which it downloads and executes additional malware on the affected machine.<br \/>\nThe data identified by the above URL was then requested from the remote web server.<\/p>\n<p>https:\/\/[xxxx].196.134.35\/test\/morph.exe<br \/>\nhttps:\/\/[xxxx].204.48.46\/test\/dogpod.exe<\/p>\n<p>It then downloads and executes Rogueware on the affected machine.<\/p>\n<p>More information about the remote host server:<\/p>\n<p>Domain: WEBAUC.RU<br \/>\nPerson: Private Person<br \/>\nCreated: 2010.10.12<br \/>\nPaid-till: 2011.10.12<br \/>\nIP Country: Germany<br \/>\nIP Address: 85.195.104.162<\/p>\n","protected":false},"excerpt":{"rendered":"<p>This spam email appears to come from the United States Postal Service. 
A user may receive an email like the one shown below. The email carries a malicious file as an attachment in zip format. The file uses a Microsoft xls file icon. If the user runs the file, it asks for [&hellip;]<\/p>\n","protected":false},"author":20,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[1],"tags":[],"class_list":["post-72744","post","type-post","status-publish","format-standard","hentry","category-uncategorized"],"aioseo_notices":[],"_links":{"self":[{"href":"https:\/\/www.quickheal.com\/blogs\/wp-json\/wp\/v2\/posts\/72744"}],"collection":[{"href":"https:\/\/www.quickheal.com\/blogs\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.quickheal.com\/blogs\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.quickheal.com\/blogs\/wp-json\/wp\/v2\/users\/20"}],"replies":[{"embeddable":true,"href":"https:\/\/www.quickheal.com\/blogs\/wp-json\/wp\/v2\/comments?post=72744"}],"version-history":[{"count":0,"href":"https:\/\/www.quickheal.com\/blogs\/wp-json\/wp\/v2\/posts\/72744\/revisions"}],"wp:attachment":[{"href":"https:\/\/www.quickheal.com\/blogs\/wp-json\/wp\/v2\/media?parent=72744"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.quickheal.com\/blogs\/wp-json\/wp\/v2\/categories?post=72744"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.quickheal.com\/blogs\/wp-json\/wp\/v2\/tags?post=72744"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}