“NY TRAFFIC TICKET” SPAM is back

2013.03.27

Well, it was gone for a while, and here it is back 🙂

Email message sample:

[image: mail1, the email message sample]

The actual source code of the message looks like:

[image: mail3, the message source]

The attack has actually been running for at least about 48 hours already. You can see traces of it on URLQuery [36 entries by now].

When clicked, the link leads to BHEK2 (Blackhole Exploit Kit 2):

[image: mail2, the BHEK2 landing page]

The BHEK2 payload is Cridex [22/46] and Fareit.

The second binary is an interesting one, yes 🙂 Wait for updates.

Stay safe!

D.L.
