Beware of Nicole Kidman Scandal Tape Malware Distribution Spam Mail







TOKYO (MacHouse) – A little more than 3 hours ago, an organized cyber criminal group sent out a spam message with the subject line "Last news for Ivory Howe" (see Screenshot 01). The body of the message is very simple. It says only






Nicole Kidman Scandal Tape. See now!






with an underlying link to http://www.failie-mueller-koeln.de/newfolder/update.php. As you might guess, the destination of that link has nothing to do with a Nicole Kidman scandal of any sort. The website at the destination appears to have been hacked so that it hosts a file which does indeed contain malware. If you have received a similar spam message, you are therefore advised to trash it without clicking on the link.





Screenshot 01 – Source: MacHouse
Screenshot 02 – Source: www.familie-mueller-koeln.de
Screenshot 03 – Source: MacHouse






If you visit the web page at the underlying link in the message, you are immediately forced to download a file named name.avi.exe (see Screenshot 02). According to Sophos Anti-Virus, this suspicious file contains malware, which Sophos detects as Mal/EncPk-CZ (see Screenshots 03 to 05).
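The two tell-tale signs described above, a "see now" lure that lands on a server-side script and a forced download whose name hides an executable behind a media extension, can be checked mechanically at a mail gateway or proxy. The following is an added example written for this post, not MacHouse's or Sophos's code; the sample message, hostnames and the keyword lists are constructed assumptions.

```python
import re
from urllib.parse import urlparse

# Media/document extensions a lure pretends to be, and extensions Windows will execute.
DECOY_EXTS = {"avi", "mpg", "mpeg", "mp4", "wmv", "jpg", "jpeg", "png", "gif", "pdf", "doc"}
EXEC_EXTS = {"exe", "scr", "pif", "com", "bat", "cmd", "vbs", "js", "jar", "msi"}
# Call-to-action wording typical of this lure, and server-side script extensions (assumed lists).
LURE_WORDS = ("see now", "watch", "video", "tape")
SCRIPT_EXTS = (".php", ".asp", ".aspx", ".cgi")

ANCHOR_RE = re.compile(r'<a\s[^>]*href="([^"]+)"[^>]*>(.*?)</a>', re.I | re.S)
FILENAME_RE = re.compile(r'filename="?([^";]+)"?', re.I)

# Constructed stand-in for the spam body; the real campaign used a compromised German site.
SAMPLE_MAIL = ('<a href="http://compromised-host.example/newfolder/update.php">'
               'Nicole Kidman Scandal Tape. See now!</a>')


def disguised_executable(filename):
    """True for names like 'name.avi.exe': a media extension hiding a real executable."""
    parts = filename.strip().lower().rsplit(".", 2)
    if len(parts) < 3:
        return False
    return parts[1] in DECOY_EXTS and parts[2] in EXEC_EXTS


def forced_download_filename(content_disposition):
    """Extract the filename a server pushes via a Content-Disposition: attachment header."""
    m = FILENAME_RE.search(content_disposition or "")
    return m.group(1).strip() if m else None


def suspicious_links(html):
    """Return (href, reason) for anchors whose visible text misrepresents the destination."""
    findings = []
    for href, text in ANCHOR_RE.findall(html):
        plain = re.sub(r"<[^>]+>", "", text).strip().lower()
        parsed = urlparse(href)
        host, path = (parsed.hostname or ""), parsed.path.lower()
        # 1) the visible text names a domain other than the real link target
        shown = re.findall(r"(?:https?://)?([a-z0-9.-]+\.[a-z]{2,})", plain)
        if any(h != host for h in shown):
            findings.append((href, "link text shows a different domain than the href"))
        # 2) a media lure ('see now', 'tape') that lands on a script, not a media file
        elif any(w in plain for w in LURE_WORDS) and path.endswith(SCRIPT_EXTS):
            findings.append((href, "media lure text points at a script that serves a download"))
    return findings


if __name__ == "__main__":
    print(suspicious_links(SAMPLE_MAIL))
    print(disguised_executable(forced_download_filename('attachment; filename="name.avi.exe"')))
```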





Screenshot 04 – Source: Sophos security analysis
Screenshot 05 – Source: Sophos security analysis
Screenshot 06 – Source: STRATO AG






The website at the domain familie-mueller-koeln.de is most likely itself a victim of site hacking. It is believed to be hosted by the German web hosting provider STRATO AG (strato.de); Screenshot 06 shows STRATO's index page.












References:

Sophos security analysis: Mal/EncPk-CZ Malicious Behavior
