[AusNOG] qld transport contact

Matt Perkins matt at spectrum.com.au
Thu Dec 13 14:06:11 EST 2012


All the IPs I have found so far originate in China or HK. I just got 
two in between the last two posts on AusNOG. The embedded graphics come 
from the VB website. So VB could go change those referees/graphics right 
away to indicate it's a spam. Attachment reports to be a zipped PDF. But 
it is a file named virgin-itinerary.pdf.exe; the file is a PE32 executable for 
MS Windows 32 bit.

I haven't looked inside yet to see what's in the honeypot within. If I 
get a chance this arvo I will pop its cork in the sand pit.

Matt.




On 13/12/12 1:43 PM, Sean K. Finn wrote:
> I thought PDFs were the PREFERRED delivery method of Malware these days?
>
> By the way, I've been getting QANTAS ones too. Definitely a coordinated and targeted zerg rush of malware.
>
> Considering the Zerg Rush style of tactic, I wonder where the origin might be?
>
> S.
>
> -----Original Message-----
> From: ausnog-bounces at lists.ausnog.net [mailto:ausnog-bounces at lists.ausnog.net] On Behalf Of Paul Gear
> Sent: Thursday, December 13, 2012 12:08 PM
> To: ausnog at lists.ausnog.net
> Subject: Re: [AusNOG] qld transport contact
>
> On 12/13/2012 11:54 AM, Nathan Ridge wrote:
>> Wow... so now hundreds or thousands of people that are actually
>> travelling soon open the virus under instruction from Virgin to do so,
>> that's lazy, they will be raped over this, they should have been much
>> more explicit saying only open the attachment if it is a pdf not zip
>> or exe and make sure you scan with an up-to-date AV program before opening.
> PDFs are not exempted from buffer overrun & sandbox escape vulnerabilities.  End users should be advised not to open ANY attachments which they aren't expecting.
>
> Paul
> _______________________________________________
> AusNOG mailing list
> AusNOG at lists.ausnog.net
> http://lists.ausnog.net/mailman/listinfo/ausnog


-- 
/* Matt Perkins
         Direct 1300 137 379     Spectrum Networks Ptd. Ltd.
         Office 1300 133 299     matt at spectrum.com.au
         Fax    1300 133 255     Level 6, 350 George Street Sydney 2000
         SIP 1300137379 at sip.spectrum.com.au
         PGP/GNUPG Public Key can be found at  http://pgp.mit.edu
*/
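
An added example, not part of the original post or thread: a mail-gateway style check for the pattern described above, a zip attachment whose member carries a document extension followed by an executable one and whose content is a PE file. The extension lists and function names are assumptions chosen for illustration, and the sample archive is constructed in memory.

```python
import io
import struct
import zipfile

DOC_EXTS = {"pdf", "doc", "docx", "xls", "xlsx", "jpg", "txt"}  # assumed lure extensions
EXE_EXTS = {"exe", "scr", "com", "pif"}  # assumed executable extensions, not exhaustive


def is_pe(data: bytes) -> bool:
    """True if data has an MZ header whose e_lfanew field points at 'PE\\0\\0'."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        return False
    (pe_off,) = struct.unpack_from("<I", data, 0x3C)
    return data[pe_off:pe_off + 4] == b"PE\0\0"


def deceptive_name(name: str) -> bool:
    """True for names like 'x.pdf.exe': document extension, then executable one."""
    parts = name.lower().rsplit("/", 1)[-1].split(".")
    return len(parts) >= 3 and parts[-1] in EXE_EXTS and parts[-2] in DOC_EXTS


def scan_zip(blob: bytes) -> list:
    """Return (member name, reasons) for each suspicious member of a zip attachment."""
    findings = []
    with zipfile.ZipFile(io.BytesIO(blob)) as zf:
        for info in zf.infolist():
            if info.is_dir():
                continue
            with zf.open(info) as fh:
                head = fh.read(4096)  # the header is enough; never execute the member
            reasons = []
            if deceptive_name(info.filename):
                reasons.append("double extension")
            if is_pe(head):
                reasons.append("PE executable content")
            if reasons:
                findings.append((info.filename, reasons))
    return findings


def build_sample() -> bytes:
    """Constructed sample: an inert MZ/PE header stub and a benign PDF in one zip."""
    stub = b"MZ" + b"\0" * 0x3A + struct.pack("<I", 0x40) + b"PE\0\0" + b"\0" * 20
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("virgin-itinerary.pdf.exe", stub)
        zf.writestr("readme.pdf", b"%PDF-1.4\n%%EOF\n")
    return buf.getvalue()
```

Calling `scan_zip(build_sample())` flags only the `.pdf.exe` member, on both the name and the content check; the content check still fires if the sender renames the file to hide the second extension.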



