NEW MALICIOUS E-MAILS BEING RECEIVED WITH A MALICIOUS ATTACHMENT
In this case they tell the recipient to download Adobe if the document cannot be read, when the document is actually a .JS file!
Subject: Invoice NIC453372
From: Adrian.81@gmail.com
Date: 02/08/2017 21:40
To: <recipient>
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
If you cannot view this attachment download a copy of Adobe Acrobat Reader from: http://get.adobe.com/reader/
Email powered by Reform–
PLEASE CONSIDER THE ENVIRONMENT BEFORE PRINTING THIS EMAIL
This email and any files sent with it are intended only for the named recipient. If you are not the named recipient please telephone/email the sender immediately. You should not disclose the content or take/distribute any copies. Where the content of this email is personal or otherwise unconnected with Redactive Media Group’s business, Redactive Media Group accepts no responsibility or liability for such content.
Redactive Media Group refers to the following limited companies each of which are registered in England and Wales and each of which’s registered office is 78 Chamber St, London E1 8BL: Redactive Media Group Limited (registered number 07464280), Redactive Publishing Limited (registered number 3156216), Redactive Media Sales Limited (registered number 3220190), Redactive Events Limited (registered number 4615386).
Attachment: NIC453372.ZIP --> contains NIC423518.js with the NEMUCOD downloader
Already detected by Kaspersky as HEUR:Trojan.Script.Agent.gen 20170803
________________________
Another one similar to the previous, with a different attachment:
Subject: Invoice NIC920061
From: Britney.683@gmail.com
Date: 02/08/2017 21:53
To: <recipient>
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
If you cannot view this attachment download a copy of Adobe Acrobat Reader from: http://get.adobe.com/reader/
Email powered by Reform–
PLEASE CONSIDER THE ENVIRONMENT BEFORE PRINTING THIS EMAIL
This email and any files sent with it are intended only for the named recipient. If you are not the named recipient please telephone/email the sender immediately. You should not disclose the content or take/distribute any copies. Where the content of this email is personal or otherwise unconnected with Redactive Media Group’s business, Redactive Media Group accepts no responsibility or liability for such content.
Redactive Media Group refers to the following limited companies each of which are registered in England and Wales and each of which’s registered office is 78 Chamber St, London E1 8BL: Redactive Media Group Limited (registered number 07464280), Redactive Publishing Limited (registered number 3156216), Redactive Media Sales Limited (registered number 3220190), Redactive Events Limited (registered number 4615386).
ATTACHMENT: NIC920061.zip --> CONTAINS NIC423527.JS (with another NEMUCOD!)
Kaspersky 20170803 (not yet detected)
McAfee 20170803 (not yet detected)
This time it is not yet detected by our antivirus products, neither McAfee nor Kaspersky… BE CAREFUL!
_________________
And another with more of the same:
<-- CONTAINS 2QSrAtLdF.js with NEMUCOD
Subject: Invoice NIC710100
From: Rosalinda.04@gmail.com
Date: 02/08/2017 21:12
To: <recipient>
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
If you cannot view this attachment download a copy of Adobe Acrobat Reader from: http://get.adobe.com/reader/
Email powered by Reform–
PLEASE CONSIDER THE ENVIRONMENT BEFORE PRINTING THIS EMAIL
This email and any files sent with it are intended only for the named recipient. If you are not the named recipient please telephone/email the sender immediately. You should not disclose the content or take/distribute any copies. Where the content of this email is personal or otherwise unconnected with Redactive Media Group’s business, Redactive Media Group accepts no responsibility or liability for such content.
Redactive Media Group refers to the following limited companies each of which are registered in England and Wales and each of which’s registered office is 78 Chamber St, London E1 8BL: Redactive Media Group Limited (registered number 07464280), Redactive Publishing Limited (registered number 3156216), Redactive Media Sales Limited (registered number 3220190), Redactive Events Limited (registered number 4615386).
ATTACHMENT: NIC710100.ZIP <-- contains 2QSrAtLdF.js with JS.NEMUCOD
Already detected by both McAfee and Kaspersky:
Kaspersky HEUR:Trojan.Script.Agent.gen 20170803
McAfee JS/Nemucod.xh 20170803
_______________________
And one last one similar to the previous ones, also attaching NEMUCOD:
Subject: Invoice NIC710100
From: Rosalinda.04@gmail.com
Date: 02/08/2017 21:12
To: <recipient>
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
If you cannot view this attachment download a copy of Adobe Acrobat Reader from: http://get.adobe.com/reader/
Email powered by Reform–
PLEASE CONSIDER THE ENVIRONMENT BEFORE PRINTING THIS EMAIL
This email and any files sent with it are intended only for the named recipient. If you are not the named recipient please telephone/email the sender immediately. You should not disclose the content or take/distribute any copies. Where the content of this email is personal or otherwise unconnected with Redactive Media Group’s business, Redactive Media Group accepts no responsibility or liability for such content.
Redactive Media Group refers to the following limited companies each of which are registered in England and Wales and each of which’s registered office is 78 Chamber St, London E1 8BL: Redactive Media Group Limited (registered number 07464280), Redactive Publishing Limited (registered number 3156216), Redactive Media Sales Limited (registered number 3220190), Redactive Events Limited (registered number 4615386).
ATTACHMENT: NIC710100.zip <-- CONTAINS NIC423520.JS WITH NEMUCOD
This time we already detect it with both Kaspersky and McAfee:
Kaspersky HEUR:Trojan.Script.Agent.gen 20170803
McAfee JS/Nemucod.xh 20170803
CONSIDERATIONS:
NEMUCOD downloaders are based on a .js file that arrives packed in a ZIP attached to an unsolicited e-mail, which should not have been executed: although antivirus products are updated continuously, the constant stream of new variants of this type of malware may not yet be known to them, as can be seen in one of the samples analyzed.
BE VERY CAREFUL WITH ATTACHMENTS IN UNSOLICITED E-MAILS.
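Since signatures can lag behind new variants, a mail gateway can flag these messages by attachment structure instead: a ZIP whose members are script files. The following is an added example, not part of the original post or of any SATINFO tool; the extension blocklist, function names and the constructed sample message (with an inert .js placeholder) are assumptions.

```python
import email
import io
import zipfile
from email.message import EmailMessage

# Script types that Windows Script Host or mshta run on double-click (assumed blocklist).
SCRIPT_EXTS = {".js", ".jse", ".vbs", ".vbe", ".wsf", ".wsh", ".hta"}

def script_members(zip_bytes):
    """Return the names of script files found inside a ZIP archive."""
    try:
        with zipfile.ZipFile(io.BytesIO(zip_bytes)) as zf:
            names = zf.namelist()
    except zipfile.BadZipFile:
        return []
    return [n for n in names if any(n.lower().endswith(e) for e in SCRIPT_EXTS)]

def scan_message(raw_bytes):
    """Map each ZIP attachment name to the script files it contains."""
    msg = email.message_from_bytes(raw_bytes)
    findings = {}
    for part in msg.walk():
        name = part.get_filename() or ""
        payload = part.get_payload(decode=True)  # None for multipart containers
        if payload is None:
            continue
        # Decide by content (ZIP magic bytes) as well as by file name.
        if name.lower().endswith(".zip") or payload[:4] == b"PK\x03\x04":
            hits = script_members(payload)
            if hits:
                findings[name] = hits
    return findings

def build_sample(zip_name, member_name):
    """Constructed message shaped like the samples above; the member is inert."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr(member_name, "// inert placeholder, not malware\n")
    msg = EmailMessage()
    msg["Subject"] = "Invoice NIC453372"
    msg["From"] = "sender@example.invalid"
    msg["To"] = "recipient@example.invalid"
    msg.set_content("If you cannot view this attachment download a copy of Adobe Acrobat Reader")
    msg.add_attachment(buf.getvalue(), maintype="application",
                       subtype="zip", filename=zip_name)
    return msg.as_bytes()

if __name__ == "__main__":
    print(scan_message(build_sample("NIC453372.ZIP", "NIC423518.js")))
```

The check does not descend into nested archives; a gateway rule would quarantine any message for which `scan_message` returns a non-empty result, regardless of antivirus verdict.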
Regards
ms, 3-8-2017
NOTE: Those interested in information about a SATINFO Technical Assistance support contract and/or a licence for the use/updates of its utilities should contact info@satinfo.es