British users, watch what you execute on your PCs!<\/p>\n
An ongoing malicious spam campaign is impersonating U.K’s O2 mobile carrier, in an attempt to trick its customers into executing a fake ‘MMS message” attachment found in the emails. Once socially engineered users do so, their PCs automatically join the botnet operated by the cybercriminal\/gang of cybercriminals whose activities we continue to monitor.<\/p>\n
More details:<\/p>\n
<\/p>\n
Detection rate for the malicious attachment<\/strong> – MD5: 898101c6689522c336f6d2c6aabd6c8c<\/strong><\/a> – detected by 9 out of 46 antivirus scanners as Heuristic.BehavesLike.Win32.Suspicious-BAY.K; Win32\/TrojanDownloader.Zurgop.AW.<\/p>\n Once executed, the sample starts listening on port 6501.<\/p>\n It then creates the following Mutexes:<\/strong> And phones back to the following C&C servers:<\/strong> Related malicious MD5s known to have phoned back to the same C&C IP (62.76.187.113) :<\/strong> Related malicious MD5s known to have phoned back to the rest of the C&C IPs:<\/strong> We’ve also seen these C&C IPs (108.74.172.39; 90.156.118.144<\/strong>) in the following already profiled malicious campaigns:<\/p>\n Webroot\u00a0SecureAnywhere<\/a><\/strong>\u00a0users are proactively protected from these threats.<\/p>\n You can find more about Dancho\u00a0Danchev at his\u00a0LinkedIn Profile<\/a><\/strong>. You can also\u00a0follow him on Twitter<\/a><\/strong>.<\/em><\/p>\n","protected":false},"excerpt":{"rendered":" British users, watch what you execute on your PCs! An ongoing malicious spam campaign is impersonating U.K’s O2 mobile carrier, in an attempt to trick its customers into executing a fake ‘MMS message” attachment found in the emails. Once socially engineered users do so, their PCs automatically join the botnet operated by the cybercriminal\/gang of […]<\/p>\n","protected":false},"author":65,"featured_media":17052,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":[],"categories":[3005],"tags":[],"yst_prominent_words":[15477,12353,3561,11739,14625,14627,4065,15475,15471,3477,14979,15473,15469,15467,12357,3889,3869,11747,14623,3471],"acf":[],"_links":{"self":[{"href":"https://www.webroot.com/blog/wp-json\/wp\/v2\/posts\/12315"}],"collection":[{"href":"https://www.webroot.com/blog/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https://www.webroot.com/blog/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https://www.webroot.com/blog/wp-json\/wp\/v2\/users\/65"}],"replies":[{"embeddable":true,"href":"https://www.webroot.com/blog/wp-json\/wp\/v2\/comments?post=12315"}],"version-history":[{"count":2,"href":"https://www.webroot.com/blog/wp-json\/wp\/v2\/posts\/12315\/revisions"}],"predecessor-version":[{"id":25717,"href":"https://www.webroot.com/blog/wp-json\/wp\/v2\/posts\/12315\/revisions\/25717"}],"wp:featuredmedia":[{"embeddable":true,"href":"https://www.webroot.com/blog/wp-json\/wp\/v2\/media\/17052"}],"wp:attachment":[{"href":"https://www.webroot.com/blog/wp-json\/wp\/v2\/media?parent=12315"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https://www.webroot.com/blog/wp-json\/wp\/v2\/categories?post=12315"},{"taxonomy":"post_tag","embeddable":true,"href":"https://www.webroot.com/blog/wp-json\/wp\/v2\/tags?post=12315"},{"taxonomy":"yst_prominent_words","embeddable":true,"href":"https://www.webroot.com/blog/wp-json\/wp\/v2\/yst_prominent_words?post=12315"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}
\n3161B74B4743E1643757A7220636106970144646<\/em>
\nGlobal{BB67AFC4-9FA5-408A-DBC9-BE58FA349D4A}<\/em>
\nCTF.TimListCache.FMPDefaultS-1-5-21-1547161642-507921405-839522115-1004MUTEX.DefaultS-1-5-21-1547161642-507921405-839522115-1004<\/em>
\nLocal{B0B9FAFD-CA9C-4B54-DBC9-BE58FA349D4A}<\/em>
\nLocal{B0B9FAFC-CA9D-4B54-DBC9-BE58FA349D4A}<\/em>
\nLocal{D15F4CEE-7C8F-2AB2-DBC9-BE58FA349D4A}<\/em>
\nLocal{D15F4CE9-7C88-2AB2-DBC9-BE58FA349D4A}<\/em>
\nLocal{0BB5ADEF-9D8E-F058-DBC9-BE58FA349D4A}<\/em>
\nLocal{911F9FCD-AFAC-6AF2-DBC9-BE58FA349D4A}<\/em>
\nGlobal{2E06BA86-8AE7-D5EB-DBC9-BE58FA349D4A}<\/em>
\nGlobal{B0B9FAFD-CA9C-4B54-DBC9-BE58FA349D4A}<\/em>
\nGlobal{B0B9FAFC-CA9D-4B54-DBC9-BE58FA349D4A}<\/em>
\nGlobal{D15F4CEE-7C8F-2AB2-DBC9-BE58FA349D4A}<\/em>
\nGlobal{D15F4CE9-7C88-2AB2-DBC9-BE58FA349D4A}<\/em>
\nGlobal{0BB5ADEF-9D8E-F058-DBC9-BE58FA349D4A}<\/em>
\nGlobal{5C56C404-F465-A7BB-11EB-B06D3016937F}<\/em>
\nGlobal{5C56C404-F465-A7BB-75EA-B06D5417937F}<\/em>
\nGlobal{5C56C404-F465-A7BB-4DE9-B06D6C14937F}<\/em>
\nGlobal{5C56C404-F465-A7BB-65E9-B06D4414937F}<\/em>
\nGlobal{5C56C404-F465-A7BB-89E9-B06DA814937F}<\/em>
\nGlobal{5C56C404-F465-A7BB-BDE9-B06D9C14937F}<\/em>
\nGlobal{5C56C404-F465-A7BB-51E8-B06D7015937F}<\/em>
\nGlobal{5C56C404-F465-A7BB-81E8-B06DA015937F}<\/em>
\nGlobal{5C56C404-F465-A7BB-FDE8-B06DDC15937F}<\/em>
\nGlobal{5C56C404-F465-A7BB-0DEF-B06D2C12937F}<\/em>
\nGlobal{5C56C404-F465-A7BB-5DEF-B06D7C12937F}<\/em>
\nGlobal{5C56C404-F465-A7BB-95EE-B06DB413937F}<\/em>
\nGlobal{5C56C404-F465-A7BB-F1EE-B06DD013937F}<\/em>
\nGlobal{5C56C404-F465-A7BB-89EB-B06DA816937F}<\/em>
\nGlobal{5C56C404-F465-A7BB-F9EF-B06DD812937F}<\/em>
\nGlobal{5C56C404-F465-A7BB-E5EF-B06DC412937F}<\/em>
\nGlobal{5C56C404-F465-A7BB-0DEE-B06D2C13937F}<\/em>
\nGlobal{5C56C404-F465-A7BB-09ED-B06D2810937F}<\/em>
\nGlobal{5C56C404-F465-A7BB-51EF-B06D7012937F}<\/em>
\nGlobal{5C56C404-F465-A7BB-35EC-B06D1411937F}<\/em>
\nGlobal{5C56C404-F465-A7BB-85EC-B06DA411937F}<\/em>
\nGlobal{5C56C404-F465-A7BB-FDEF-B06DDC12937F}<\/em>
\nGlobal{DDB39BDC-ABBD-265E-DBC9-BE58FA349D4A}<\/em>
\nMPSWabDataAccessMutex<\/em>
\nMPSWABOlkStoreNotifyMutex<\/em><\/p>\n
\nhxxp:\/\/62.76.187.147\/nsmp\/og\/index.php<\/em>
\nhxxp:\/\/62.76.187.113\/par\/22.exe<\/em>
\n62.76.187.147<\/em>
\n62.76.187.113<\/em>
\n88.68.122.74<\/em>
\n70.169.168.37<\/em>
\n50.65.158.6<\/em>
\n99.146.98.160<\/em>
\n189.242.35.122<\/em>
\n108.74.172.39<\/em>
\n108.210.219.218<\/em>
\n99.0.126.100<\/em>
\n90.156.118.144<\/em>
\n178.238.233.29<\/em>
\n68.22.158.150<\/em>
\n184.39.153.172<\/em>
\n66.63.204.26<\/em>
\n217.114.113.148<\/em>
\n76.226.134.206<\/em>
\n203.45.203.83<\/em>
\n130.251.186.103<\/em>
\n213.123.186.173<\/em>
\n69.115.119.227<\/em>
\n75.1.200.201<\/em>
\n77.53.215.241<\/em>
\n108.245.72.131<\/em>
\n71.85.110.76<\/em>
\n217.41.24.37<\/em>
\n68.45.158.241<\/em>
\n182.52.92.50<\/em>
\n81.130.84.78<\/em>
\n88.242.132.171<\/em>
\n188.129.147.67<\/em>
\n31.192.45.65<\/em>
\n68.117.10.58<\/em><\/p>\n
\nMD5: 27da5e0800d937f03c5fbdff8aeb52c3<\/em>
\nMD5: 83ab87dba8600e5f6eabad30c6c83a89<\/em>
\nMD5: 8c8d43c8cfacf6d5c04e6f6ac7d4ff54<\/em><\/p>\n
\nMD5: b3ea4bff1b0d1ddd938edcc1993098fe<\/em>
\nMD5: 0e6128900197d4ddc03579925878df9b<\/em>
\nMD5: b87646a8903ae9b96ec03c626d966487<\/em>
\nMD5: 22989829fbec90ed6e6b2ffb4d9e05f0<\/em>
\nMD5: 4108733a631f090b1678dfaf628827e0<\/em>
\nMD5: 40e652cb3f16036f0ec5ff420c6fe32d<\/em>
\nMD5: 40df940b645b858a5f18434530083c9d<\/em>
\nMD5: 458b7b551270d27ddda4d453d6e01a37<\/em>
\nMD5: 42fbb3a1262fe6765dd5b088dda68c17<\/em>
\nMD5: 45a0fbc793b29d24db0d9b46c68fc43d<\/em>
\nMD5: 4353b1fa1f82917dd785c50fc462f6e1<\/em>
\nMD5: 45eebb5b36d5484cd86a4346e291d3f5<\/em>
\nMD5: 3f2a82b23cfa41009c8bf1aa17dd9596<\/em>
\nMD5: 450c2cf0dd49e402544b6371aac794d7<\/em>
\nMD5: 2f2520d1c93a679021c5a00ab6f66c2f<\/em>
\nMD5: 3a71b1886c45a94dea2812c016c98591<\/em>
\nMD5: 37c5dbaac8e18324ed448f2db7bfc161<\/em>
\nMD5: 33075ffd7aed4835b0b682200c3f04ac<\/em>
\nMD5: 2a176b72e6ab78139bfa4e180baf64eb<\/em>
\nMD5: 81225759067aef4201c99f2ffe2f4b7b<\/em>
\nMD5: 32e60c4f951b9dd7eac4b59c133fb7a0<\/em>
\nMD5: 30e90438022ab99154290fbca4f886d7<\/em>
\nMD5: 253943239f595a0104fc5eb986875f10<\/em>
\nMD5: 2289fbcb158e2eec17a659264b957225<\/em>
\nMD5: 1f5b02fd972d51140a6a5ef835e91b54<\/em>
\nMD5: 250c6b131c6a3958f4d533f9b206ef41<\/em>
\nMD5: 1e7ccdbc40e911b99fed29d5c8c4954b<\/em>
\nMD5: 20a1a83437535c0cb8d9c1b89f8e52ac<\/em>
\nMD5: 1c4d94ee49acf4de708ffbf389c7e3d6<\/em>
\nMD5: 1838365520495ef13c7cb04b8c9f16be<\/em>
\nMD5: 178e4c2335e6aad1b2512f84ad7f5c48<\/em>
\nMD5: 1f96b6582238263b9bc572dba8cdca2d<\/em>
\nMD5: 18d2945660a11009c10ed1827287c45a<\/em>
\nMD5: 1d9b592b424fdb11d8b53392c6840c89<\/em>
\nMD5: 173843e9d668a5ec25b5efb186dc68ec<\/em>
\nMD5: 14ef08883becccbaebe72ffda5dde77c<\/em>
\nMD5: 1464af0b8c22df305ca7c9b13c2736e4<\/em>
\nMD5: 11b4adc82be692ecdb2fa72e5394c83e<\/em>
\nMD5: 103eaf337190472e4ec4e956c4fe2bcf<\/em>
\nMD5: 09eaf3edb1b57fed6412ee5604583905<\/em>
\nMD5: 0b08c71d47321000973e78f85c07e98c<\/em>
\nMD5: 0555039e122f36e94225414a895124a0<\/em><\/p>\n\n