The code in the JavaScript attachment is obfuscated in an attempt to make analysis more difficult.

The above JavaScript obfuscates a WScript downloader, which is used to retrieve and execute a malicious PE32 executable from an attacker-controlled web server.

This activity has increased in velocity and volume.

The filename and hash change across groups of emails, with several being sent on any given day.

When RIG stopped distributing Tofsee payloads, those responsible for Tofsee switched to alternative distribution methods.

While the Tofsee botnet has been known for sending spam messages, the messages have historically contained links to adult dating and pharmaceutical websites.

The phishing emails purport to be from women in Eastern Europe (namely Russia and Ukraine) and the theme of the emails is adult dating.

Each email contains slightly different text; however, the same format is used across all of the messages Talos analyzed.

