[AusNOG] FW: [nznog] New(?) scam: Door to door malware in Christchurch

Skeeve Stevens Skeeve at eintellego.net
Tue Aug 2 11:22:25 EST 2011


Strange and a worthwhile fwd if it migrates to our shores (or is already here)


...Skeeve



--

Skeeve Stevens, CEO - eintellego Pty Ltd - The Networking Specialists

skeeve at eintellego.net ; www.eintellego.net

Phone: 1300 753 383 ; Fax: (+612) 8572 9954

Cell +61 (0)414 753 383 ; skype://skeeve

facebook.com/eintellego or eintellego at facebook.com

twitter.com/networkceoau ; www.linkedin.com/in/skeeve

PO Box 7726, Baulkham Hills, NSW 1755 Australia


--

eintellego - The Experts that the Experts call

- Juniper - HP Networking - Cisco - Brocade - Arista - Allied Telesis

On 2/08/11 10:55 AM, "Michael Fincham" <michael at unleash.co.nz> wrote:

Hi list,

Just had a visit to our Christchurch offices from a shady guy claiming
"ISPs snoop on all your traffic, you should download this free, secure
browser" who then proceeded to hand our tech who answered the door
several URLs on a piece of paper.

I can't imagine a world in which the "linked" executable is anything
aside from a malware payload, though VirusTotal returns nothing for
the file, so it may be new or just creatively packed.

Here's a picture of the piece of paper given to our tech:

<http://finch.am/projects/nznog/IMG_20110802_124202.jpg>

The URLs on the paper are:

http://www.autoprofits.smartmediaTechnologies .com
http://www.autoprofits.smartmediaDesktop .com
http://www.autoprofits.smartmediaPays .com

I'm happy to provide a copy of the payload for analysis and I'm sure
our tech could give a more thorough description of the chap if anyone
wants to take this further.

--
-Michael Fincham
System Administrator, Unleash
www.unleash.co.nz
Phone: 0800 750 250
DDI: 03 978 1223
Mobile: 027 666 4482
