Fake DHL email leads to malware download
The Computer Emergency Response Team UNAM-CERT received a notification about an email that reached Hotmail users' inboxes and apparently came from the DHL parcel service. The email is shown below:
Ransomware variant that impersonates the Mexican Federal Police
In a previous post on this blog we analyzed a malware sample whose goal is to extort money by hijacking the user's session once the computer is infected. Several ransomware cases impersonating the Federal Police have recently been reported to the Computer Emergency Response Team UNAM-CERT. The lock window displayed on the infected computer is shown below:
Trojan impersonates the identity of gusanito.com
The Computer Emergency Response Team UNAM-CERT received a report about an email campaign leading to the download of a suspected malicious executable file. The file pretended to be a legitimate postcard from the widely known gusanito.com site, so UNAM-CERT proceeded to analyze the sample. The body of the email is shown below:
Ransomware impersonates the Federal Police identity
UNAM-CERT received a report of a suspected malicious file that blocked the user's session on the computer where it ran.
Malware of this type, which hijacks information on the computer or locks the infected user's session, is commonly called "ransomware". Ransomware typically keeps the infected computer locked until the victim pays the fee demanded by the attacker. The image below shows the template the malware uses to lock the victim's session:
Backdoor on GNU/Linux
The Computer Emergency Response Team UNAM-CERT received a report about a possibly malicious executable file for GNU/Linux operating systems.
While it is well known that plenty of malware exists for Windows, users should not rule out malware developed for GNU/Linux and Mac OS, which, although targeted to a lesser degree, are not exempt from this type of threat.
ZeuS trojan hosted on an MX domain
UNAM-CERT received a report about an executable file that appears to be malicious. The binary was hosted on an MX domain under the name "BC-62016.exe".
Fake Java Update opens a backdoor in Windows
UNAM-CERT received a notification about a suspicious web site that leads to the installation of what purports to be new Java software.
Email stealing the identity of Santander Bank
UNAM-CERT received a notification reporting a possible identity theft campaign. The threat arrives by email as a warning of possible fraud in a Telcel payment.
As can be seen, the fraudulent site resembles the legitimate bank site; however, the URL in the address bar is not that of the original site.
Fake email from tarjetasbubba.com
The Computer Emergency Response Team UNAM-CERT received a report of a suspicious email campaign impersonating the tarjetasbubba.com service. A link in the message body led to the malware sample.