Early this morning we started receiving phone calls from people asking us about an e-mail they received last night. This e-mail included links to UNAM-CERT, a supposed "guide" to secure the PC, and UNAM-CERT's phone number.
A user submitted to me a copy of the e-mail that supposedly came from UNAM-CERT. This e-mail included text asking the recipients to download a supposed "guide" to secure their PCs (Manual.exe).
The MD5 checksum of the malware is: fcfc77d1786572812aac1319e5ad5fde
This malware modifies the hosts file in Windows, redirecting www.banamex.com to an IP address under the control of the phisher.
What is really interesting in this attack is that the phishers are using well-known organizations as a vector for infection, even when the final target is another website, like Banamex in this case.
For recommendations and related information, go to the UNAM-CERT official site.
For an in-depth analysis, check UNAM-CERT's malware blog.