United States Postal Email Spreads Rogueware

This is a spam email that appears to come from the United States Postal Service. A user can receive such an email, as shown below.

The email carries a malicious file as an attachment in ZIP format. The file comes with a Microsoft XLS file icon.

If the user runs the file, it makes the following HTTP request:

https://webauc.ru/mydog/bb.php

This script contains additional URLs, from which it downloads and executes additional malware on the affected machine.
The data identified by the above URL was then requested from the remote web server.

https://[xxxx].196.134.35/test/morph.exe
https://[xxxx].204.48.46/test/dogpod.exe

It then downloads and executes Rogueware on the affected machine.
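
The request sequence described above (a `.php` fetch followed by `.exe` downloads from bare IP hosts) can be hunted for in web proxy logs. The following is an added example, not part of the original post; the log format, the 60-second window, and all hosts and addresses in the sample are constructed assumptions.

```python
import ipaddress
from datetime import datetime, timedelta
from urllib.parse import urlsplit

# Constructed proxy log lines: "<ISO timestamp> <client> <method> <url>"
SAMPLE_LOG = """\
2011-01-10T09:00:01 10.0.0.5 GET https://stage.example/mydog/bb.php
2011-01-10T09:00:03 10.0.0.5 GET https://192.0.2.35/test/morph.exe
2011-01-10T09:00:04 10.0.0.5 GET https://198.51.100.46/test/dogpod.exe
2011-01-10T09:00:02 10.0.0.7 GET https://intranet.example/index.php
2011-01-10T09:30:00 10.0.0.7 GET https://downloads.example/setup.exe
2011-01-10T10:00:00 10.0.0.9 GET https://203.0.113.9/tools/putty.exe
"""

WINDOW = timedelta(seconds=60)  # assumed correlation window


def is_ip_literal(host):
    """True when the URL host is a raw IP address rather than a name."""
    try:
        ipaddress.ip_address(host)
        return True
    except ValueError:
        return False


def parse(log_text):
    """Yield (timestamp, client, split URL) per line, skipping malformed lines."""
    for line in log_text.splitlines():
        try:
            ts, client, _method, url = line.split()
            yield datetime.fromisoformat(ts), client, urlsplit(url)
        except ValueError:
            continue  # wrong field count, bad timestamp or bad URL


def find_downloader_chains(log_text):
    """Return {client: [exe URLs]} for .exe fetches from IP-literal hosts
    made within WINDOW after the same client requested a .php script."""
    last_php = {}  # client -> time of its most recent .php request
    hits = {}
    for when, client, url in sorted(parse(log_text), key=lambda e: e[0]):
        path = url.path.lower()
        if path.endswith(".php"):
            last_php[client] = when
        elif path.endswith(".exe") and is_ip_literal(url.hostname or ""):
            seen = last_php.get(client)
            if seen is not None and when - seen <= WINDOW:
                hits.setdefault(client, []).append(url.geturl())
    return hits
```

On the sample, only client 10.0.0.5 is flagged; an `.exe` from a named host, or from an IP host with no preceding `.php` request, is not.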

More information about the remote host server:

Domain: WEBAUC.RU
Person: Private Person
Created: 2010.10.12
Paid-till: 2011.10.12
IP Country: Germany
IP Address: 85.195.104.162

Pravesh Shinde
