11/6/2022

Efax messenger firewall

On February 19, 2014, Facebook announced the purchase of WhatsApp for $4 billion in cash and 183,865,778 shares of Facebook stock ($12 Billion in current value) plus an additional $3 billion in shares to the founders that will vest over four years, for a total purchase price of $19 Billion.

Journalists in the United States were scurrying to figure out what WhatsApp even is, let alone why it should be worth $19 Billion.

Apparently WhatsApp has been growing in popularity in other parts of the world, as documented by a survey released in November by OnDevice Research, headlined "Messenger Wars: How Facebook lost its lead", which talked about the top Social Message Apps for mobile devices in five major markets: US, Brazil, South Africa, Indonesia, and China. While Facebook still leads in the US, and WeChat clearly dominates China, WhatsApp was the leading app in Brazil (72%), South Africa (68%), and Indonesia (43%).

But those of us who keep track of spam and email-based threats have been hearing about WhatsApp for several months. As the popularity of WhatsApp grows due to the new acquisition, we believe we will see it become an even more popular spam lure. At least three distinct spamming groups have already used WhatsApp as a lure for their scams.

According to Malcovery Security’s Brendan Griffin, WhatsApp was being used as a malware lure since at least September 19, 2013. I asked Brendan to give me a list of days when a WhatsApp spam/malware campaign made Malcovery’s “Today’s Top Threats” list. This campaign has been solidly in the top ten on:

OCTOBER 2, 3, 4, 7, 8, 9, 10, 11, 16, 17, 18, 21, 22, 23, 24, 25

As Steve Ragan mentioned in his ComputerWorld article on November 8, 2013, WhatsApp was one of our Top Five Imitated Brands for the delivery of malware via spam for the quarter. (See ComputerWorld – Senior executives blamed for a majority of undisclosed security incidents.) Curiously, when I asked Brendan about the email I saw THIS WEEK imitating WhatsApp he said that was an example of spammers using the WhatsApp notoriety to drive traffic to counterfeit pharmaceutical websites!

WhatsApp spam used by ASProx Botnet to Deliver Kuluoz Malware

We’ve seen tremendous variety in both the malware being delivered and in the method of delivery over the course of so many spam runs. The first day we made note of the WhatsApp malware, September 19, 2013, we observed 52 different websites being advertised in the emails. Each of these websites had a file called “info.php” that was being called with a very long unique “message” parameter, such as:

info.php?message=47lvQ31P1Nip+SkTsbYeAVNH+2aJDFeJ9djfprCHGa4= (a couple digits have been tweaked for privacy)

Websites used for malware delivery, September 19, 2013

Visiting the link from any of those websites resulted in code on the server resolving your IP address and creating a custom malware name based on your geographic location. For example, when we visited from Birmingham, Alabama IP addresses, we received a file called “VoiceMail_Birmingham_(205)4581400.zip” – 205 is the area code for Birmingham, Alabama, so both the city name and the telephone number provided were intended to enhance the believability that this was a “real” VoiceMail message that we should open and listen to!

At the time we received this file, VirusTotal was showing a 7 of 48 detection rate. (When the file was last checked, December 4, 2013, the detection rate had improved to 36 of 48 AV products.)

This malware delivery mechanism, with the geographically labeled secondary malware, is a signature of the ASPROX => Kuluoz malware. Kuluoz, which is also known as DoFoil, is delivered as the second phase of a malware delivery scheme that begins by having computers that are part of the ASProx botnet sending spam. This is the same campaign that delivered Walmart/BestBuy/CostCo delivery messages around the Christmas holiday, and that delivered Courthouse, Eviction, and Energy bill spam.

In the more recent VirusTotal report, AntiVir, DrWeb, and Microsoft label this sample as Kuluoz, while Agnitum, CAT-QuickHeal, Kaspersky, NANO-Antivirus, VBA32, and VIPRE call it DoFoil. Zortob is another popular label seen for this malware, and Symantec calls it “FakeAVLock” while Ikarus and Sophos call it Weelsof. Weelsof is a ransomware family, and this label, as well as the FakeAV label, is likely due to tertiary malware.