While checking personal spam emails that I received today, my interest was drawn by a certain email claiming that users can get $2400 by downloading the casino application. Once you click on the link hxxp://bearte.net.cn, you are sent to a Web page that asks you to download a file named InstallCasinoV2.exe. The said…
Loucif Kharouni
Senior Threat Researcher
Yesterday we received reports of a malicious Web site that targets Italian users. This particular site purports to be a tour and travel operator for India. The malicious source is similar to: <object classid="clsid:0F5FBC88-CC6A-48e8-B037-E37763D0482B" codebase="http://www.{BLOCKED}elettronici.com/indiatouroperator/registrazione.exe"> </object> The file registrazione.exe is detected as TROJ_AGENT.AAFY, and the URL that it hosts is detected as HTML_AGENT.AAFX. Once the…
Last week I received a malicious file detected as TROJ_LOWZONES.CO, which is a component of the Gromozon chain malware. After having analyzed and executed the file, I noticed that the malware modifies the IE start page (not really surprising) to h_ttp://www.gooogle.bz (where bz stands for Belize…
I’m writing this post to let you know about targeted attacks we’re facing in Europe, especially in Italy. The “Italian Job” (a.k.a. Linkoptimizer, a.k.a. Gromozon) appears to be orchestrated by a well-organized gang, using several aliases to avoid recognition but in the end, still refers to the same malware chain. An infection by Linkoptimizer could be triggered…