
A circulating malicious spam campaign attempts to trick T-Mobile customers into thinking that they’ve received a password-protected MMS. Once gullible, socially engineered users execute the malicious attachment, they compromise the confidentiality and integrity of their PCs, giving the cybercriminals behind the campaign complete control of them.

Detection rate for the spamvertised sample – MD5: 5d69a364ffa8d641237baf4ec7bd641f – detected by 11 out of 48 antivirus scanners as W32/Trojan.XTWU-6193; TR/Sharik.B; Trojan.DownLoader9.22851

Once executed, the sample phones back to –

The following subdomains are also known to have phoned back to the same IP in the past:

The following malicious MD5s are also known to have phoned back to the same domain/IP in the past:

Webroot SecureAnywhere users are proactively protected from these threats.

Blog Staff
