Alas, as you've probably guessed, and I already knew, it wasn't from Twitter. This one is from some jackass (12.96.196.234 - maha.matisp.net) who obviously doesn't know enough about trying to infect people to change icons, use a packer, or even try a bit harder to hide the real file type - they just tried disguising it using "document.chm{lots of spaces}.exe" - child's play stuff (little note, my dear malware guy: this doesn't really work when you've sent it in a zip file - the zip shows the real extension without my having to look for it).
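A mail filter can catch the padded-name trick described above by listing the archive members and checking what comes after the last dot. The following is an added example, not part of the original post or of any tool it mentions; the extension sets, function names and the sample archive are assumptions constructed for illustration.

```python
import io
import re
import zipfile

# Extensions Windows runs directly (illustrative subset, an assumption of this example).
EXECUTABLE = {"exe", "scr", "com", "pif", "bat", "cmd"}
# Document-like extensions often used as the decoy half of the name (also illustrative).
DECOY = {"chm", "doc", "pdf", "txt", "jpg", "htm", "html"}
# <stem>.<decoy ext><optional whitespace padding>.<real ext>
NAME_RE = re.compile(r"^.+\.(?P<decoy>[A-Za-z0-9]{1,5})(?P<pad>\s*)\.(?P<real>[A-Za-z0-9]{1,5})$")


def check_name(name):
    """Return the reasons an archive member name looks disguised (empty list if none)."""
    base = name.replace("\\", "/").rsplit("/", 1)[-1]
    m = NAME_RE.match(base)
    if not m or m["real"].lower() not in EXECUTABLE:
        return []
    reasons = []
    if m["decoy"].lower() in DECOY:
        reasons.append(f"double extension .{m['decoy']} -> .{m['real']}")
    if len(m["pad"]) >= 3:
        reasons.append(f"{len(m['pad'])} whitespace characters hide the real extension")
    return reasons


def scan_zip(data):
    """Map each suspicious member name in a zip archive (bytes) to its reasons."""
    findings = {}
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        for info in zf.infolist():
            reasons = check_name(info.filename)
            if reasons:
                findings[info.filename] = reasons
    return findings


def build_sample():
    """Constructed archive: one padded name as described in the post, two benign names."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("document.chm" + " " * 40 + ".exe", b"constructed placeholder")
        zf.writestr("readme.txt", b"constructed placeholder")
        zf.writestr("setup.exe", b"constructed placeholder")
    return buf.getvalue()


if __name__ == "__main__":
    print(scan_zip(build_sample()))
```

A plain "setup.exe" is deliberately not flagged here; the check targets names that pretend to be a document, which is the case in this sample.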
Exported by: Outlook Export v0.1.6
From: invitations@twitter.com
E-mail:invitations@twitter.com [ 168.143.162.100 - Resolution failed ]
Date: 17/06/2009 16:49:09
Subject: Your friend invited you to twitter!
**************************************************************************
Links
**************************************************************************
Link: http://m.twitter.com/
Domain: m.twitter.com
IP: 128.121.146.100 [ Resolution failed ]
hpHosts Status: Not Listed
MDL Status: Not Listed
PhishTank Status: Unknown
Link: http://twitter.com/home
Domain: twitter.com
IP: 128.121.146.228 [ Resolution failed ]
hpHosts Status: Not Listed
MDL Status: Listed
PhishTank Status: Unknown
Link: http://assets1.twitter.com/images/tour_1.gif
Domain: assets1.twitter.com
IP: 128.121.146.229 [ Resolution failed ]
hpHosts Status: Not Listed
MDL Status: Not Listed
PhishTank Status: Unknown
Link: http://dotsub.com/api/smallplayer.php?filmid=3066&filminstance=3068&language=none
Domain: dotsub.com
IP: 8.17.173.15 [ Resolution failed ]
hpHosts Status: Listed
MDL Status: Not Listed
PhishTank Status: Unknown
Link: http://twitter.com/account/resend_password
Domain: twitter.com
IP: 168.143.162.100 [ Resolution failed ]
hpHosts Status: Not Listed
MDL Status: Listed
PhishTank Status: Unknown
Link: http://twitter.com/account/complete
Domain: twitter.com
IP: 168.143.162.100 [ Resolution failed ]
hpHosts Status: Not Listed
MDL Status: Listed
PhishTank Status: Unknown
Link: http://twitter.com/about#about
Domain: twitter.com
IP: 168.143.162.100 [ Resolution failed ]
hpHosts Status: Not Listed
MDL Status: Listed
PhishTank Status: Unknown
Link: http://twitter.com/about#contact
Domain: twitter.com
IP: 128.121.146.228 [ Resolution failed ]
hpHosts Status: Not Listed
MDL Status: Listed
PhishTank Status: Unknown
Link: http://blog.twitter.com/
Domain: blog.twitter.com
IP: 74.125.77.121 [ ew-in-f121.google.com ]
hpHosts Status: Not Listed
MDL Status: Not Listed
PhishTank Status: Unknown
Link: http://status.twitter.com/
Domain: status.twitter.com
IP: 72.32.231.8 [ Resolution failed ]
hpHosts Status: Not Listed
MDL Status: Not Listed
PhishTank Status: Unknown
Link: http://twitter.com/downloads
Domain: twitter.com
IP: 128.121.146.228 [ Resolution failed ]
hpHosts Status: Not Listed
MDL Status: Listed
PhishTank Status: Unknown
Link: http://apiwiki.twitter.com/
Domain: apiwiki.twitter.com
IP: 208.96.32.2 [ pbwiki.com ]
hpHosts Status: Not Listed
MDL Status: Not Listed
PhishTank Status: Unknown
Link: http://search.twitter.com/
Domain: search.twitter.com
IP: 128.121.146.107 [ Resolution failed ]
hpHosts Status: Not Listed
MDL Status: Not Listed
PhishTank Status: Unknown
Link: http://help.twitter.com/
Domain: help.twitter.com
IP: 65.74.185.41 [ zendesk.com ]
hpHosts Status: Not Listed
MDL Status: Not Listed
PhishTank Status: Unknown
Link: http://twitter.com/jobs
Domain: twitter.com
IP: 128.121.146.100 [ Resolution failed ]
hpHosts Status: Not Listed
MDL Status: Listed
PhishTank Status: Unknown
Link: http://twitter.com/tos
Domain: twitter.com
IP: 168.143.162.100 [ Resolution failed ]
hpHosts Status: Not Listed
MDL Status: Listed
PhishTank Status: Unknown
Link: http://twitter.com/privacy
Domain: twitter.com
IP: 168.143.162.100 [ Resolution failed ]
hpHosts Status: Not Listed
MDL Status: Listed
PhishTank Status: Unknown
**************************************************************************
Text Version
**************************************************************************
* Skip past navigation
* On a mobile phone? Check out m.twitter.com <http://m.twitter.com/> !
* Skip to navigation
* Skip to sign in form
Select Language ... English Japanese
Twitter.com <http://twitter.com/home>
Your friend invited you to twitter!
Your friend invited you to twitter!<http://assets1.twitter.com/images/tour_1.gif>
Twitter is a service for friends, family, and co-workers to communicate and stay connected through the exchange of quick, frequent answers to one simple question: What are you doing?
To join or to see who invited you, check the attachment.
________________________________
Arrow_on_red Watch a video! <http://dotsub.com/api/smallplayer.php?filmid=3066&filminstance=3068&language=none>
Please sign in
user name or email address:
password:
Remember me
Forgot password? Click here <http://twitter.com/account/resend_password> .
Already using Twitter from your phone? Click here. <http://twitter.com/account/complete>
________________________________
*
Twitter is the first thing on the web that I've been excited about in ages.
Jason Kottke, Blogger
*
I really like Twitter.
Jeff Barr, Amazon.com, Senior Manager
*
Incredibly useful
Wired
________________________________
Footer
* 2009 Twitter
* About Us <http://twitter.com/about#about>
* Contact <http://twitter.com/about#contact>
* Blog <http://blog.twitter.com/>
* Status <http://status.twitter.com/>
* Apps <http://twitter.com/downloads>
* API <http://apiwiki.twitter.com/>
* Search <http://search.twitter.com/>
* Help <http://help.twitter.com/>
* Jobs <http://twitter.com/jobs>
* Terms <http://twitter.com/tos>
* Privacy <http://twitter.com/privacy>
close
Galleries
of
by
**************************************************************************
Headers
**************************************************************************
Return-Path: invitations@twitter.com
Delivered-To: {REMOVED}
X-FDA: 62358624678
X-Panda: scanned!
X-Filterd-Recvd-Size: 428259
Received: from twitter.com (maha.matisp.net [12.96.196.234])
    by imf12.hostedemail.com (Postfix) with ESMTP
    for <{REMOVED}>; Wed, 17 Jun 2009 15:51:05 +0000 (UTC)
From: invitations@twitter.com
To: {REMOVED}
Subject: Your friend invited you to twitter!
Date: Wed, 17 Jun 2009 09:49:09 -0600
MIME-Version: 1.0
Content-Type: multipart/mixed;
    boundary="----=_NextPart_000_0006_DFD94041.4B307F70"
X-Priority: 3
X-MSMail-Priority: Normal
X-EsetId: 81896726F0AC3330DBCF
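The Received header above is what gives the sender away: in Postfix's format the name after "from" is whatever the client claimed in HELO, while the hostname and IP in parentheses are what the receiving server recorded. The following added example (not from the original post or from the export tool) parses that header and compares the three; the function names and the two-label domain comparison are assumptions, and the sample is constructed from the headers quoted here.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Constructed from the headers quoted in this post ({REMOVED} kept as published).
RAW = """\
Return-Path: invitations@twitter.com
Received: from twitter.com (maha.matisp.net [12.96.196.234])
\tby imf12.hostedemail.com (Postfix) with ESMTP
\tfor <{REMOVED}>; Wed, 17 Jun 2009 15:51:05 +0000 (UTC)
From: invitations@twitter.com
Subject: Your friend invited you to twitter!

"""

# Postfix style: from <HELO name> (<reverse DNS name> [<client IP>])
RECEIVED_RE = re.compile(
    r"from\s+(?P<helo>\S+)\s+\((?P<rdns>\S+)\s+\[(?P<ip>[0-9a-fA-F.:]+)\]\)"
)


def base_domain(host):
    """Last two labels as a comparison key (assumption: no public-suffix handling)."""
    return ".".join(host.lower().rstrip(".").split(".")[-2:])


def analyse(raw):
    """Compare the claimed HELO and From domains with the recorded client hostname."""
    msg = message_from_string(raw)
    from_domain = parseaddr(msg["From"])[1].rsplit("@", 1)[-1]
    # Assumption: the topmost Received header was added by our own receiving server.
    received = " ".join((msg.get_all("Received") or [""])[0].split())
    m = RECEIVED_RE.search(received)
    if not m:
        return None
    result = m.groupdict()
    result["from_domain"] = from_domain
    result["helo_matches_rdns"] = base_domain(m["helo"]) == base_domain(m["rdns"])
    result["from_matches_rdns"] = base_domain(from_domain) == base_domain(m["rdns"])
    return result


if __name__ == "__main__":
    print(analyse(RAW))
```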
Oh and yep, detection for it is rubbish;
http://www.virustotal.com/analisis/1bd8f69e0cb0bf9dbb030017b443a1a29b621ace505a4e7511af60e07e71e447-1245256337
http://anubis.iseclab.org/?action=result&task_id=1c37c92a7e9740054a572a01b5f330b23&format=html
/edit
I've not looked at this yet as it's only just arrived, but here's the TE report for you (JoeBox couldn't analyze it, and my test machine isn't back up yet - still in pieces);
http://www.threatexpert.com/report.aspx?md5=ead830f63ee1e868bcca769e86fbbdd4