Threat Level: green Handler on Duty: Rob VandenBrink

SANS ISC InfoSec Handlers Diary Blog


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

The news update you never asked for

Published: 2008-08-05
Last Updated: 2008-08-05 00:45:33 UTC
by Daniel Wesemann (Version: 1)
3 comment(s)

If you missed last week's chance to get your "airplane ticket", you currently have a second opportunity. Emails are making the rounds that claim to come from CNN, and carry a subject of "CNN.com Daily Top 10". Well, they are neither. But the emails contain click-friendly headlines with enticing subjects like "Will all Americans be obese by 2030?" Now who wouldn't want to read THAT?!

Clicking takes you to the netherworld, of course. You currently receive a file called "get_flash_update.exe" (yeah, sure!). Detection for the sample is coming on line, see http://www.virustotal.com/analisis/258fbdfb7eb6ecfedbf236533b03c945

The domain "idoo .com" seems to be up to no good. Other involved domains are too numerous to listen, but about 50 of them currently resolve to 200.46.83.233.  That's in Panama.

Keywords: malware spam
3 comment(s)
Diary Archives