The link actually points to a hacked WordPress server. Using JavaScript, however, the real-VLSC Microsoft Web site shown where users can log in. However, there is simultaneously a zip file provided that the hacked WordPress server originates.This seems like the file from the Microsoft Web sites originates, although the hacked WordPress server is listed at the download location.
Offered zip file contains another .scr file is a Trojan horse. This "Chanitor Trojan" then connects to the Tor network. According to Cisco, the malware at the time was that the e-mails were detected around 9 out of 57 virus scanners on VirusTotal.
Hashesh:
1b147fc9d5342ca0fa59207d366ec4fb (VLSC Microsoft.zip)
No comments:
Post a Comment