Monday, July 1, 2013

Spam mail leads to phishing:



Last week, I received a spam mail in my Gmail account. The message read: to view the doc, please click here and login!



I viewed this link in a dedicated environment (for analysis). The link is hxxp://spirtbaza.com/bggle.doc/index.htm









In order to view this doc, one needs to log in using any of the following accounts.
I just used a random user ID and a random password. The page accepted the non-existent ID and redirected to a Google doc page - https://productforums.google.com/forum/#!category-topic/docs/documents

I also captured the packets:



WHOIS information for spirtbaza.com:
Domain Name: SPIRTBAZA.COM
   Registrar: LLC "REGISTRAR OF DOMAIN NAMES REG.RU"
   Whois Server: whois.reg.ru
   Referral URL: http://www.reg.ru
   Name Server: NS23.RUWEB.NET
   Name Server: NS45.RUWEB.NET
   Status: clientTransferProhibited
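
The behaviour described above (a login form on an unrelated host that accepts any credentials and then sends the visitor to a genuine Google page) can be hunted for in web proxy logs. The following is an added example, not part of the original post: the log format, the sample lines, the host `phish.example` and the `login.php` path are constructed, and it assumes the redirect is visible as an HTTP 3xx response.

```python
from urllib.parse import urlsplit

# Brands whose login pages are commonly imitated (assumed list for this sketch).
BRAND_DOMAINS = ("google.com", "live.com", "yahoo.com")

# Constructed proxy log lines: time client method url status redirect-target
SAMPLE_LOG = """\
2013-06-24T10:01:02 10.0.0.5 GET http://phish.example/bggle.doc/index.htm 200 -
2013-06-24T10:01:40 10.0.0.5 POST http://phish.example/bggle.doc/login.php 302 https://productforums.google.com/forum/
2013-06-24T10:05:11 10.0.0.7 POST https://accounts.google.com/signin 302 https://mail.google.com/mail/
2013-06-24T10:09:30 10.0.0.9 POST http://shop.example/cart 302 http://shop.example/thanks
"""


def brand_of(host):
    """Return the brand domain that host belongs to, or None."""
    host = (host or "").lower().rstrip(".")
    for brand in BRAND_DOMAINS:
        # Exact match or true subdomain only, so google.com.evil.example is rejected.
        if host == brand or host.endswith("." + brand):
            return brand
    return None


def find_harvest_redirects(log_text):
    """Flag form POSTs to a non-brand host that are answered with a
    redirect into a well-known brand's domain."""
    hits = []
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) != 6:
            continue  # skip malformed lines
        ts, client, method, url, status, location = parts
        if method != "POST" or not status.startswith("3") or location == "-":
            continue
        src = urlsplit(url).hostname
        dst = urlsplit(location).hostname
        brand = brand_of(dst)
        if brand and brand_of(src) != brand:
            hits.append({"time": ts, "client": client,
                         "posted_to": src, "redirected_to": dst})
    return hits


if __name__ == "__main__":
    for hit in find_harvest_redirects(SAMPLE_LOG):
        print(hit)
```

A hit identifies the client that submitted the form, which is the account whose password should be reset.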


Regards,
