June 09, 2006
Malware from Craigslist
An employee at Sana was looking for a car on Craigslist and emailed the person who posted the advert. He got the following email:
Hello,
Thank you for your interest in my car. I gladly inform you that it is still on sale so you are right on time.
Sorry for the delay, as I am staying in the hospital right now. As I have to cover all the costs myself, I am selling it and the deal is very good for you. The car is in an excellent good condition. Please, follow the link and download all the specific information about the car:
http://url_removed/myalbum.exe
As soon as you download it, you will have all the necessary data: description, photos, and other details. Please, make sure you are well acquainted with the info so that your decision would be reasonable. The car is in excellent condition, no accident. Thank you.
Please, reply ASAP and feel free to ask any questions.
P.S. To watch the pictures you are to save the portfolio on your computer and launch it.
And, surprise surprise, myalbum.exe is not photos but a nasty piece of malware, similar to the Rootkit.Hearse discussed in previous blog posts.
