[LACNIC/Seguridad] [Fwd: Re: [ii] Phishing site]
Andre Gerhard
agerhard en usp.br
Jue Jun 12 12:19:39 BRT 2008
Oi,
It's a typical brazilian phishing/scam malware, with the behaviour of a
downloader trojan (small trojan that downloads other components from
sites in the Internet), but it seems that the downloaded part is not
in the site anymore.
Andre Gerhard
On Thu, 12 Jun 2008 10:30:46 -0400
Kaio Rafael <kaiorafael en dcc.ufam.edu.br> wrote:
> Hi Antonio,
>
> I'm new to this list and i have analysed this malware here into my
> machine box, it seems that he also has some file
> into ___http://www.fazendasabia.com.br/
>
> ----------
> c:\imagens.scr
> http://www.fazendasabia.com.br/imagens/kl.jpg
> c:\imagens.scr
> ----------
>
> I have checked this site, but it gives a Forbidden error. I'm not sure,
> but the website could be compromised.
>
> []'z
> -
> Obrigado / Thank you
> Kaio Rafael
> Universidade Federal do Amazonas
> Departamento de Ciência da Computação
> Av. Gal. Rodrigo Otávio Jordão Ramos, 3000, Aleixo, Manaus-AM
> 69077-000, Minicampus, Bloco N
> Phone: +55 92 3647-4019 (DCC secretary)
> http://www.dcc.ufam.edu.br
> http://www.dcc.ufam.edu.br/~kaiorafael
> "First they ignore you, then they ridicule you,
> then they fight you, then you win.
> Mahatma Gandhi"
>
>
> -------- Mensagem original --------
> De: Antonio Montes <antonio.montes en cenpra.gov.br>
> Responder a: Lista para discusión de seguridad en redes y sistemas
> informaticos de la región <seguridad en lacnic.net>
> Para: carlos.martinez en csirt-antel.com.uy
> Cc: ii en npogroups.org, seguridad en lacnic.net
> Assunto: [LACNIC/Seguridad] [Fwd: Re: [ii] Phishing site]
> Data: Thu, 12 Jun 2008 10:47:31 -0300
>
> Carlos,
>
> Could you please forward the enclosed information to the appropriate
> response group in Uruguay.
>
> Thanks,
> Antonio
> anexo mensagem de correio eletrônico (Re: [ii] Phishing site.eml)
> -------- Mensagem encaminhada --------
> De: Steven Adair <steven en shadowserver.org>
> Responder a: ii en npogroups.org
> Para: ii en npogroups.org
> Assunto: RE: [ii] Phishing site
> Data: Thu, 12 Jun 2008 09:37:42 -0400
>
> _______________________________________________
> Seguridad mailing list
> Seguridad en lacnic.net
> https://mail.lacnic.net/mailman/listinfo/seguridad
>
> _______________________________________________
> Seguridad mailing list
> Seguridad en lacnic.net
> https://mail.lacnic.net/mailman/listinfo/seguridad
Más información sobre la lista de distribución Seguridad