
TOKYO (MacHouse) – More than 3 hours ago, an organized cyber criminal group sent out a spam message with the title Last news for Ivory Howe. (See Screenshot 01.) The body of the message is very simple. It only says
Nicole Kidman Scandal Tape. See now!
with an underlying link to http://www.failie-mueller-koeln.de/newfolder/update.php. As you might guess, the destination of the link has nothing to do with a Nicole Kidman scandal of any sort. The website at the destination has apparently been hacked to host a file that contains malware. If you have received a similar spam message, you are therefore advised to trash it without clicking on the link.
Screenshot 01 – Source: MacHouse

Screenshot 02 – Source: www.familie-mueller-koeln.de

Screenshot 03 – Source: MacHouse

If you visit the web page at the underlying link in the message, you will be immediately forced to download a file titled name.avi.exe. (See Screenshot 02.) According to Sophos Anti-Virus, this suspicious file contains malware, which they call Mal/EncPk-CZ. (See Screenshots 03-05.)
Screenshot 04 – Source: Sophos security analysis

Screenshot 05 – Source: Sophos security analysis

Screenshot 06 – Source: STRATO AG

The website hosted at the domain familie-mueller-koeln.de is likely to be the victim of site hacking. This website is believed to be hosted by a German web hosting company called STRATO AG (strato.de). (Screenshot 06 shows its index page.)
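
The download reported above, name.avi.exe, carries an executable extension behind a video one. The following is an added example, not part of the original article, of a check a web or mail gateway could run on download file names; it assumes the name arrives in a Content-Disposition header, and the extension sets, function names and sample headers are constructed for illustration.

```python
from email.message import Message

# Assumed, non-exhaustive extension sets chosen for this example.
EXECUTABLE = {"exe", "scr", "com", "pif", "bat", "cmd", "js", "vbs"}
DECOY = {"avi", "mpg", "mp4", "wmv", "mov", "mp3",
         "jpg", "png", "gif", "pdf", "doc", "txt"}


def filename_from_disposition(header_value):
    """Return the file name carried in a Content-Disposition value, or None."""
    msg = Message()
    msg["Content-Disposition"] = header_value
    # get_filename() understands quoted and RFC 2231 encoded parameters.
    return msg.get_filename()


def hidden_executable(filename):
    """Return (decoy_ext, real_ext) if an executable hides behind a decoy."""
    # Drop any path component, then trailing dots and spaces, which Windows
    # ignores when it resolves the final extension.
    base = filename.replace("\\", "/").rsplit("/", 1)[-1]
    base = base.strip().rstrip(". ").lower()
    parts = base.split(".")
    if len(parts) < 3 or parts[-1] not in EXECUTABLE:
        return None
    # Check every inner extension, ignoring whitespace around it.
    for ext in parts[1:-1]:
        if ext.strip() in DECOY:
            return ext.strip(), parts[-1]
    return None


def check_download(content_disposition):
    """Return a finding dict for a masquerading download, else None."""
    name = filename_from_disposition(content_disposition)
    if not name:
        return None
    hit = hidden_executable(name)
    if hit is None:
        return None
    return {"filename": name, "decoy": hit[0], "executable": hit[1]}


if __name__ == "__main__":
    # Constructed sample headers; only the file name comes from the article.
    for header in ('attachment; filename="name.avi.exe"',
                   'attachment; filename="holiday.avi"',
                   'attachment; filename="setup.exe"'):
        print(header, "->", check_download(header))
```

A hit here is a reason to block or quarantine the download; a miss says nothing about the file's contents, which still need scanning.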





