Your guilty conscience could get you pwned

I just received an email from some guy called Willie Hickey. Aside form having an extremely amusing name, Mr. Hickey was offering me some very urgent advice:

 

Mail from Willie Hickey

Mail from Willie Hickey


 
 The message reads

“Hey, some jerk has posted your pictures (u understand what kind of pictures are there) and sent a link of them to all ur friends. I have already replied back. Said, that he is an idiot. See the link:”.

 
This little piece of social engineering is obviously designed to arouse fear and doubt in the recipient; “Oh no, not those photos, the zookeeper promised he would destroy the negatives.
 

Don’t be tempted though to click the link. There are no photos, there is no Willie Hickey.

 

The link leads to a malicious JavaScript which redirects the browser to a Russian IP address where multiple PDF exploits and an ActiveX exploit are used to push out a variant of the ZeuS crimeware. The sample itself has very low detection rates with only 9 out of 40 detections on VirusTotal

 

If you’re already a Trend Micro user you would be protected from this as the malicious website is already blocked by the Smart Protection Network and the malware detected. If you have received a similar mail and clicked the link and are worried you may be affected, run a free clean up with HouseCall.

One thought on “Your guilty conscience could get you pwned

  1. Pingback: Your guilty conscience could get you pwned - Donna's SecurityFlash

Leave a Reply

Your email address will not be published. Required fields are marked *

*

You may use these HTML tags and attributes: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <strike> <strong>