Beware of Nicole Kidman Scandal Tape Malware Distribution Spam Mail

TOKYO (MacHouse) - More than three hours ago, an organized cyber-criminal group sent out a spam message with the subject line "Last news for Ivory Howe" (see Screenshot 01). The body of the message is very simple. It says only
Nicole Kidman Scandal Tape. See now!
with an underlying link to http://www.familie-mueller-koeln.de/newfolder/update.php. As you can guess, the destination of the link has nothing to do with a Nicole Kidman scandal of any sort. The website at that address has apparently been hacked to host a file that does indeed contain malware. If you have received a similar spam message, trash it without clicking on the link.
Screenshot 01 - Source: MacHouse
Screenshot 02 - Source: www.familie-mueller-koeln.de
Screenshot 03 - Source: MacHouse
If you visit the web page at the link in the message, you are immediately forced to download a file named name.avi.exe (see Screenshot 02). Note the double extension: with the default Windows Explorer setting that hides extensions for known file types, the file appears as a video clip called name.avi, while the final .exe means it is a Windows executable. According to Sophos Anti-Virus, this suspicious file contains malware, which Sophos detects as Mal/EncPk-CZ (see Screenshots 03-05).
Screenshot 04 - Source: Sophos security analysis
Screenshot 05 - Source: Sophos security analysis
Screenshot 06 - Source: STRATO AG
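The name.avi.exe trick is easy to catch mechanically: the last extension is what Windows executes, everything before it is bait, and the first bytes of the download say what the file really is regardless of its name. The following is an added example written for this page, not code from MacHouse or Sophos. The HTTP header and file bytes are constructed stand-ins for what update.php sends back, and the two extension lists are assumptions, not a complete catalogue.

```python
"""Flag a download that disguises a Windows executable as a media file,
the way name.avi.exe does. Added illustration; inputs below are constructed."""
from email.message import EmailMessage

# Extensions Windows executes on double-click (assumed list, not exhaustive).
EXECUTABLE_EXTS = {"exe", "scr", "com", "pif", "bat", "cmd", "vbs", "js", "jse", "wsf", "msi"}
# Extensions a lure borrows to look harmless (assumed list, not exhaustive).
DECOY_EXTS = {"avi", "mpg", "mpeg", "wmv", "mp4", "jpg", "jpeg", "gif", "png", "pdf", "doc", "txt"}


def filename_from_content_disposition(header_value):
    """Parse the filename out of a Content-Disposition header value such as
    'attachment; filename="name.avi.exe"'. The stdlib MIME parser handles
    quoting and RFC 2231 encoding. Returns None if no filename is present."""
    msg = EmailMessage()
    msg["Content-Disposition"] = header_value
    return msg.get_filename()


def double_extension(filename):
    """Return (decoy, real) when the name ends in <decoy>.<executable>, else None.
    Only the final extension matters to Windows; the one before it is bait."""
    parts = filename.lower().rsplit(".", 2)
    if len(parts) < 3:
        return None
    _, decoy, real = parts
    if real in EXECUTABLE_EXTS and decoy in DECOY_EXTS:
        return decoy, real
    return None


def sniff_file_type(data):
    """Classify the first bytes of a download by magic number:
    'pe' for a DOS/Windows executable (MZ), 'avi' for RIFF AVI, else 'unknown'."""
    if data[:2] == b"MZ":
        return "pe"
    if data[:4] == b"RIFF" and data[8:12] == b"AVI ":
        return "avi"
    return "unknown"


def assess_download(content_disposition, data):
    """Combine the filename check with a content sniff and return a verdict.
    The file is blocked if the name is a double-extension lure, or if the bytes
    are an executable while the extension claims something else."""
    name = filename_from_content_disposition(content_disposition) or ""
    reasons = []
    dbl = double_extension(name)
    if dbl:
        reasons.append("double extension .%s.%s" % dbl)
    kind = sniff_file_type(data)
    claimed = name.rsplit(".", 1)[-1].lower() if "." in name else ""
    if kind == "pe" and claimed not in EXECUTABLE_EXTS:
        reasons.append("MZ header but extension .%s" % claimed)
    if kind == "pe" and dbl:
        reasons.append("executable content confirms the lure")
    return {"filename": name, "sniffed": kind,
            "verdict": "block" if reasons else "allow", "reasons": reasons}


# Constructed inputs (not captured traffic): the lure, and a benign clip for contrast.
SAMPLE_HEADER = 'attachment; filename="name.avi.exe"'
SAMPLE_BYTES = b"MZ\x90\x00" + b"\x00" * 60      # DOS-stub prefix of a PE file, padded
BENIGN_HEADER = 'attachment; filename="holiday.avi"'
BENIGN_BYTES = b"RIFF\x00\x10\x00\x00AVI LIST"   # RIFF container tagged AVI

if __name__ == "__main__":
    for hdr, body in ((SAMPLE_HEADER, SAMPLE_BYTES), (BENIGN_HEADER, BENIGN_BYTES)):
        print(assess_download(hdr, body))
```

The content sniff is the part worth keeping even if the name check is noisy: a file served as clip.avi whose bytes begin with MZ is blocked just the same, so renaming the lure to drop the .exe suffix does not get it past the check.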
The website at familie-mueller-koeln.de is likely itself a victim of site hacking. It is believed to be hosted by the German web hosting provider STRATO AG (strato.de); Screenshot 06 shows its index page.
References:
Sophos security analysis: Mal/EncPk-CZ Malicious Behavior
********** ********** ********** ********** ********** ********** ********** **********
MacHouse is not funded by taxpayers' money. We have limited resources. We also need time to sleep and eat, just as others do. So we will not act as the international police and contact all victims of website abuse. All you have to do is subscribe to spam messages and spam posts. If we can, why don't you?