Monday, July 1, 2013

Spam mail leads to phishing:



Last week, I received a spam mail in my Gmail account. The message read: to view the doc, please click here and login!



I viewed this link in a dedicated environment (for analysis). The link is hxxp://spirtbaza.com/bggle.doc/index.htm









In order to view this doc, you need to log in using any of the following accounts.
I just used a random user ID and a random password. It accepted the non-existent ID and redirected to the Google doc page - https://productforums.google.com/forum/#!category-topic/docs/documents
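
The behaviour described above (a login form on a non-Google host that accepts anything and then sends the browser to a genuine Google page) can be hunted for in web proxy logs. The following is an added example, not code or data from the original post: the log records, the `phish.example` hosts and the `login.php` path are constructed, and it assumes the redirect is an HTTP 3xx response (a meta-refresh or script redirect would need body inspection instead).

```python
from urllib.parse import urlsplit

# Assumption: domains the defender treats as the genuine brand.
BRAND_DOMAINS = ("google.com",)
REDIRECT_CODES = (301, 302, 303, 307, 308)

# Constructed proxy records (not the packets captured in the post):
# (client, method, url, status, Location header or "")
SAMPLE_LOG = [
    ("10.0.0.5", "GET", "http://phish.example/bggle.doc/index.htm", 200, ""),
    ("10.0.0.5", "POST", "http://phish.example/bggle.doc/login.php", 302,
     "https://productforums.google.com/forum/"),
    ("10.0.0.7", "POST", "https://accounts.google.com/signin", 302,
     "https://docs.google.com/document/"),
    ("10.0.0.9", "POST", "http://shop.example/checkout", 302,
     "http://shop.example/thanks"),
    ("10.0.0.9", "POST", "http://google.com.evil.example/login", 302,
     "https://www.google.com/"),
]

def host_of(url):
    """Lower-cased hostname of a URL, or "" when there is none."""
    return (urlsplit(url).hostname or "").lower()

def is_brand(host):
    # Exact match or true subdomain; "google.com.evil.example" must not pass.
    return any(host == d or host.endswith("." + d) for d in BRAND_DOMAINS)

def find_harvest_redirects(records):
    """Return (client, posting host, redirect host) for every POST to a
    non-brand host that is answered with a redirect to a brand host."""
    hits = []
    for client, method, url, status, location in records:
        if method != "POST" or status not in REDIRECT_CODES:
            continue
        src, dst = host_of(url), host_of(location)
        if dst and is_brand(dst) and not is_brand(src):
            hits.append((client, src, dst))
    return hits

if __name__ == "__main__":
    for hit in find_harvest_redirects(SAMPLE_LOG):
        print("possible credential harvest:", *hit)
```

A hit identifies a client that submitted a form to the flagged host, so any real password typed there should be treated as exposed and reset.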

I also captured the packets:



WHOIS information for spirtbaza.com:
Domain Name: SPIRTBAZA.COM
   Registrar: LLC "REGISTRAR OF DOMAIN NAMES REG.RU"
   Whois Server: whois.reg.ru
   Referral URL: http://www.reg.ru
   Name Server: NS23.RUWEB.NET
   Name Server: NS45.RUWEB.NET
   Status: clientTransferProhibited


Regards,
