<<<
Thursday, January 9, 2014
>>>
 
Spam Overdose Yields Fareit, Zeus and Cryptolocker Posted by Karmina @ 13:15 GMT

Somebody has been busy these past two days... We have seen a massive spam surge with the same subjects and attachments in our spam traps.

emails (40k image)



emailstats (28k image)



The attachments usually have the following filenames.

attachname (11k image)

The binary attachment is a threat that is often referred to as Fareit. Fareit is known to steal information such as credentials and account information from installed FTP clients and cryptocurrency wallets, and stored passwords in browsers.

For the two samples coming from these spam, we've seen them connecting to these to send information:
networksecurityx.hopto.org
188.167.38.131
94.136.131.2
66.241.103.146
37.9.50.200

In addition to stealing data, these samples download other malware including Zeus P2P from:
ip-97-*.net/zA6.exe
119*4/fF3krry.exe
rot*.com/124Tzh.exe
ww*ng.net/bpuMp.exe
dev*.com/1mHifVu.exe
surfa*.com/DJm.exe
kl*.com/Q4EzT.exe

Other malware seen installed in the system was Cryptolocker.

btc (182k image)



Apparently, spam overdose results in malware overdose.

Samples are detected as Trojan.Pws.Tepfer and Trojan.GenericKD variants.












<<< Polar Vortex Special: iPhone 5s in a Freezer
|
NSA: We Are Heavily Biased Toward Defense >>>