{"id":8841,"date":"2012-11-29T00:00:10","date_gmt":"2012-11-29T07:00:10","guid":{"rendered":"http:\/\/blog.webroot.com\/?p=8841"},"modified":"2018-10-05T11:55:29","modified_gmt":"2018-10-05T17:55:29","slug":"cybercriminals-impersonate-t-mobile-u-k-serve-malware","status":"publish","type":"post","link":"https://www.webroot.com/blog/2012\/11\/29\/cybercriminals-impersonate-t-mobile-u-k-serve-malware\/","title":{"rendered":"Cybercriminals impersonate T-Mobile U.K, serve malware"},"content":{"rendered":"

Cybercriminals are currently impersonating T-Mobile U.K, in an attempt to trick its customers into downloading a bogus billing information report. Upon execution, the malware opens a backdoor on the affected host, allowing the cybercriminals behind the campaign complete access to the infected PC.<\/p>\n

More details:<\/p>\n

<\/p>\n

Sample screenshot of the spamvertised email:<\/strong><\/p>\n

\"\"<\/a><\/p>\n

Sample detection rate for the malicious executable:\u00a0MD5: b0d4dad91f8e56caa184c8ba8850a6bd<\/strong><\/a> – detected by 35 out of 44 antivirus scanners as Worm:Win32\/Gamarue<\/p>\n

That’s the same MD5 that was served in the recently profiled “Bogus DHL \u2018Express Delivery Notifications\u2019 serve malware<\/strong><\/a>” malicious campaign, indicating a (thankfully) low QA (Quality Assurance) on behalf of the cybercriminals behind the campaign who didn’t bother introducing a new malware variant.<\/p>\n

Webroot SecureAnywhere<\/strong><\/a>\u00a0users are proactively protected from this threat.<\/p>\n

You can find more about Dancho Danchev at his\u00a0LinkedIn Profile<\/strong><\/a>. You can also\u00a0follow him on \u00a0Twitter<\/strong><\/a>.<\/em><\/p>\n","protected":false},"excerpt":{"rendered":"

Cybercriminals are currently impersonating T-Mobile U.K, in an attempt to trick its customers into downloading a bogus billing information report. Upon execution, the malware opens a backdoor on the affected host, allowing the cybercriminals behind the campaign complete access to the infected PC. More details:<\/p>\n","protected":false},"author":65,"featured_media":17052,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":[],"categories":[3005],"tags":[],"yst_prominent_words":[3929,11065,3881,5411,10335,4065,3477,5717,3875,12757,12357,12755,12753,12529,3471,3525],"acf":[],"_links":{"self":[{"href":"https://www.webroot.com/blog/wp-json\/wp\/v2\/posts\/8841"}],"collection":[{"href":"https://www.webroot.com/blog/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https://www.webroot.com/blog/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https://www.webroot.com/blog/wp-json\/wp\/v2\/users\/65"}],"replies":[{"embeddable":true,"href":"https://www.webroot.com/blog/wp-json\/wp\/v2\/comments?post=8841"}],"version-history":[{"count":2,"href":"https://www.webroot.com/blog/wp-json\/wp\/v2\/posts\/8841\/revisions"}],"predecessor-version":[{"id":25547,"href":"https://www.webroot.com/blog/wp-json\/wp\/v2\/posts\/8841\/revisions\/25547"}],"wp:featuredmedia":[{"embeddable":true,"href":"https://www.webroot.com/blog/wp-json\/wp\/v2\/media\/17052"}],"wp:attachment":[{"href":"https://www.webroot.com/blog/wp-json\/wp\/v2\/media?parent=8841"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https://www.webroot.com/blog/wp-json\/wp\/v2\/categories?post=8841"},{"taxonomy":"post_tag","embeddable":true,"href":"https://www.webroot.com/blog/wp-json\/wp\/v2\/tags?post=8841"},{"taxonomy":"yst_prominent_words","embeddable":true,"href":"https://www.webroot.com/blog/wp-json\/wp\/v2\/yst_prominent_words?post=8841"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}