[AusNOG] qld transport contact
Matt Perkins
matt at spectrum.com.au
Thu Dec 13 14:06:11 EST 2012
All the Ip's I have found so far originate in china or HK. I just got
two in between the last two posts on Ausnog. The Imbedded graphics come
from the VB website. So VB could go change those referees/graphics right
away to indicate it's a spam. Attachment reports to be a zipped pdf. But
is a file named virgin-itinerary.pdf.exe file is a PE32 executable for
MS windows 32 bit.
I haven't looked inside yet to see what's in the honypot within. If I
get a chance this arvo I will pop it's cork in the sand pit.
Matt.
On 13/12/12 1:43 PM, Sean K. Finn wrote:
> I thought PDF's were the PREFERRED delivery method of Malware these days?
>
> By the way, I've been getting QANTAS ones too. Definitely a coordinated and targeted zerg rush of malware.
>
> Considering the Zerg Rush style of tactic, I wonder where the origin might be?
>
> S.
>
> -----Original Message-----
> From: ausnog-bounces at lists.ausnog.net [mailto:ausnog-bounces at lists.ausnog.net] On Behalf Of Paul Gear
> Sent: Thursday, December 13, 2012 12:08 PM
> To: ausnog at lists.ausnog.net
> Subject: Re: [AusNOG] qld transport contact
>
> On 12/13/2012 11:54 AM, Nathan Ridge wrote:
>> Wow... so now hundreds or thousands of people that are actually
>> travelling soon open the virus under instruction from virgin to do so,
>> that's lazy, they will be raped over this, they should have been much
>> more explicit saying only open the attachment if it is a pdf not zip
>> or exe and make sure you scan with an uptodate av program before opening.
> PDFs are not exempted from buffer overrun & sandbox escape vulnerabilities. End users should be advised not to open ANY attachments which they aren't expecting.
>
> Paul
> _______________________________________________
> AusNOG mailing list
> AusNOG at lists.ausnog.net
> http://lists.ausnog.net/mailman/listinfo/ausnog
> _______________________________________________
> AusNOG mailing list
> AusNOG at lists.ausnog.net
> http://lists.ausnog.net/mailman/listinfo/ausnog
--
/* Matt Perkins
Direct 1300 137 379 Spectrum Networks Ptd. Ltd.
Office 1300 133 299 matt at spectrum.com.au
Fax 1300 133 255 Level 6, 350 George Street Sydney 2000
SIP 1300137379 at sip.spectrum.com.au
PGP/GNUPG Public Key can be found at http://pgp.mit.edu
*/
More information about the AusNOG
mailing list