The other day, I received another spam email, this time supposedly from Intuit. Since I know that Blackhole2 is now directing to Bugat/Feodo/Cridex banking malware, I wanted to look more closely and see what might be new.

The "Intuit" email looked like this, and similar text context is shown below:

Great News! Your order, QG673260, was shipped today (see details below) and will complete shortly. We hope that you will see that it suit your needs. If you requested multiple products, we may ship them in separate boxes (at no additional cost to you) to ensure the fastest possible delivery. We will also inform you with the ability to track your parcels via the instructions below.
ORDER DETAILS
Order #: QG673260
Order Date:
Item(s) Requested In Your Shipment

The prolific Cutwail spambot sent the spam email with a lure URL of:

Executable file dropped from ''

Once my test system became infected, it did a DNS query for, which was offline. It then queried for which successfully resolved to 146.185.220.176. At that point, my infected host established an HTTPS connection with: hxxps:///savestats/

DNS queries and beginning of SSL session.

Examining the traffic via Wireshark or similar will yield no joy as the traffic is SSL encrypted.
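Because the session content is encrypted, what a defender can still see is the sequence around it: a lookup that returns nothing, a second lookup that resolves, and an HTTPS connection to the answer. The following added example (not code from the original post) flags that sequence over constructed DNS and connection records; the domain names are placeholders because the post redacts them, and only the 146.185.220.176 address comes from the write-up.

```python
# Flag "failed lookup, then fallback lookup, then HTTPS to the answer" per host.
from collections import defaultdict

# Constructed sample events: (timestamp, source host, record).
# DNS record: {"type": "dns", "name": ..., "answer": ip-or-None (no answer)}
# Connection record: {"type": "conn", "dst": ip, "port": int}
SAMPLE_EVENTS = [
    (100.0, "10.0.0.5", {"type": "dns", "name": "primary-c2.example", "answer": None}),
    (100.4, "10.0.0.5", {"type": "dns", "name": "fallback-c2.example", "answer": "146.185.220.176"}),
    (100.9, "10.0.0.5", {"type": "conn", "dst": "146.185.220.176", "port": 443}),
    # Benign host: one successful lookup followed by HTTPS is normal and must not fire.
    (200.0, "10.0.0.7", {"type": "dns", "name": "www.example.org", "answer": "93.184.216.34"}),
    (200.3, "10.0.0.7", {"type": "conn", "dst": "93.184.216.34", "port": 443}),
]


def flag_fallback_then_https(events, window=60.0):
    """Return (host, failed_name, fallback_name, ip) for every host that
    (1) got no answer for one name, (2) within `window` seconds resolved a
    different name, and (3) then connected to the resolved IP on TCP/443."""
    by_host = defaultdict(list)
    for ts, host, rec in sorted(events, key=lambda e: e[0]):
        by_host[host].append((ts, rec))

    hits = []
    for host, recs in by_host.items():
        for i, (t_fail, rec) in enumerate(recs):
            if rec["type"] != "dns" or rec["answer"] is not None:
                continue  # a chain only starts at a lookup that returned nothing
            for j, (t_ok, nxt) in enumerate(recs[i + 1:], start=i + 1):
                if t_ok - t_fail > window:
                    break
                if nxt["type"] != "dns" or nxt["answer"] is None:
                    continue
                ip = nxt["answer"]
                # Did the same host then open an HTTPS connection to that answer
                # before the window closed?
                https = any(
                    r["type"] == "conn" and r["dst"] == ip and r["port"] == 443
                    and t_ok <= t <= t_fail + window
                    for t, r in recs[j + 1:]
                )
                if https:
                    hits.append((host, rec["name"], nxt["name"], ip))
    return hits


if __name__ == "__main__":
    for hit in flag_fallback_then_https(SAMPLE_EVENTS):
        print("DNS fallback followed by HTTPS:", hit)
```

The window keeps the rule from linking unrelated lookups hours apart; tune it to the resolver and proxy timings of the network being monitored.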