Blog for hpHosts, and whatever else I feel like writing about ....

Thursday, 6 August 2009

Alert: Malicious Microsoft e-mail using king.cd and RapidShare

I've just had the following drop in my inbox, and this is the first time I've seen a RapidShare URL NOT require you to wait or enter a CAPTCHA to download the file - it just downloaded straight off the bat (saves me time analyzing it though ;o)).

hxxp://king.cd/OF4JTo7
>> hxxp://rs668tl.rapidshare.com/files/263883656/Microsoft_FrameworkUpgrade.exe

The headers show the e-mail was sent from 121.96.18.2 (121.96.18.2.bti.net.ph), which is on the BAYAN_ZION-AP (BayanTel Broadband) range, which, you'll not be surprised to hear, is a residential broadband company.

The file you're given is a worm:

VirusTotal - Microsoft_FrameworkUpgrade.exe
http://www.virustotal.com/analisis/f26de7d6d5cd04927fd4b2f74019e9e68c0aa29df0b72e69ba304ca84f0883fe-1249507230
