I've just had the following drop in my inbox, and this is the first time I've seen a RapidShare URL NOT require you to wait or enter a CAPTCHA to download the file - it just downloaded straight off the bat (saves me time analyzing it though ;o)).
hxxp://king.cd/OF4JTo7
>> hxxp://rs668tl.rapidshare.com/files/263883656/Microsoft_FrameworkUpgrade.exe
The headers show the e-mail was sent from 121.96.18.2 (121.96.18.2.bti.net.ph), which is on the BAYAN_ZION-AP (BayanTel Broadband) range, which, you'll not be surprised to hear, is a residential broadband company.
The file you're given is a worm:
VirusTotal - Microsoft_FrameworkUpgrade.exe
http://www.virustotal.com/analisis/f26de7d6d5cd04927fd4b2f74019e9e68c0aa29df0b72e69ba304ca84f0883fe-1249507230
Thursday, 6 August 2009