Author Topic: wiptrial.wz.cz  (Read 4202 times)


July 15, 2008, 10:20:25 am

philipp

Hi,

from a spam mail
Code:
Return-Path: <Raquel-kalmbach@rhldesign.com>
X-Original-To: postmaster@xxx.de
Delivered-To: postmaster@xxx.de
Received: from 87.68.106.14.cable.012.net.il (unknown [87.68.106.14])
	by family.xxx.de (Postfix) with ESMTP id 7412B9FA00EA
	for <postmaster@xxx.de>; Tue, 15 Jul 2008 00:42:22 +0200 (CEST)
To: postmaster@xxx.de
Subject: Michael Jackson dies in bed
From: Giventer <Raquel-kalmbach@rhldesign.com>
Content-Type: text/plain; format=flowed; delsp=yes; charset=koi8-r
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
Date: Tue, 15 Jul 2008 01:42:17 +0300
Message-ID: <qi.dhhxgdpgbfwbia@sarid>
User-Agent: Opera Mail/9.50 (Win32)
X-DSPAM-Result: Spam
X-DSPAM-Processed: Tue Jul 15 00:42:23 2008
X-DSPAM-Confidence: 0.6941
X-DSPAM-Probability: 1.0000
X-DSPAM-Signature: 487bd64f139585120455541

Floods in Bahamas claims hundreds of lives
http://wiptrial.wz.cz/main.html

--
Using Opera's revolutionary e-mail client: http://www.opera.com/mail/

hxxp://wiptrial.wz.cz/main.html
loads in an iframe:
hxxp://wiptrial.wz.cz/00.html
which serves an MDAC exploit, with the payload:
hxxp://wiptrial.wz.cz/view.exe (md5sum: b14972728100f240ef92d463d7175eba)
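
An added example, not part of the original post: a small Python triage of the headers quoted above, pulling the relay hop out of the Postfix `Received` line and defanging the body link the way the post does. The helper names `triage` and `defang` and the three heuristics are assumptions chosen for illustration.

```python
import email
import re
from email.utils import parseaddr

# Headers and body taken from the post above (recipient already redacted there).
RAW = """\
Return-Path: <Raquel-kalmbach@rhldesign.com>
Received: from 87.68.106.14.cable.012.net.il (unknown [87.68.106.14])
\tby family.xxx.de (Postfix) with ESMTP id 7412B9FA00EA
\tfor <postmaster@xxx.de>; Tue, 15 Jul 2008 00:42:22 +0200 (CEST)
Subject: Michael Jackson dies in bed
From: Giventer <Raquel-kalmbach@rhldesign.com>

Floods in Bahamas claims hundreds of lives
http://wiptrial.wz.cz/main.html
"""

# Postfix writes: from <HELO name> (<verified rDNS name or "unknown"> [<client IP>])
RECEIVED_RE = re.compile(r"from\s+(\S+)\s+\((\S+)\s+\[([0-9.]+)\]\)")
URL_RE = re.compile(r'https?://[^\s<>"]+')


def defang(url):
    """Make a URL non-clickable, in the hxxp style the post uses."""
    return url.replace("http", "hxxp", 1)


def triage(raw):
    """Hypothetical helper: summarise the relay hop and the links of one message."""
    msg = email.message_from_string(raw)
    # The topmost Received header is the one added by the receiving server.
    helo, rdns, ip = RECEIVED_RE.search(msg.get_all("Received")[0]).groups()
    sender_domain = parseaddr(msg["Return-Path"])[1].rpartition("@")[2].lower()
    host = helo.lower()
    findings = []  # assumed heuristics, not a scoring standard
    if rdns == "unknown":
        findings.append("no verified reverse DNS name for the client IP")
    if ip in helo:
        findings.append("HELO name embeds the client IP (dynamic-pool style)")
    if host != sender_domain and not host.endswith("." + sender_domain):
        findings.append("HELO name unrelated to the envelope sender domain")
    urls = [defang(u) for u in URL_RE.findall(msg.get_payload())]
    return {"relay_ip": ip, "helo": helo, "sender_domain": sender_domain,
            "findings": findings, "urls": urls}


if __name__ == "__main__":
    for key, value in triage(RAW).items():
        print(f"{key}: {value}")
```

On the quoted message all three checks fire: the connecting host is a cable-pool address with no verified reverse DNS, and its name has nothing to do with the rhldesign.com envelope sender.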

July 15, 2008, 11:49:51 am
Reply #1

MysteryFCM

Regards

Steven Burn
I.T. Mate / hpHosts
it-mate.co.uk / hosts-file.net

July 15, 2008, 12:25:03 pm
Reply #2

philipp

uh, sorry didn't notice that :-[
thanks

July 15, 2008, 12:31:32 pm
Reply #3

MysteryFCM

hehe no worries :)
Regards

Steven Burn
I.T. Mate / hpHosts
it-mate.co.uk / hosts-file.net

July 15, 2008, 02:59:38 pm
Reply #4

Kayrac

the exe is gone already, probably changed it :)