Fake email used to propagate malicious software
In recent days, several users reported an email to UNAM’s Computer Emergency Response Team. The email, which claimed to come from an enterprise, included a link to download an alleged tax receipt in PDF format. However, clicking the link started the download of a compressed file with the extension “.rar”. A screen capture of the received email is shown in the image below; the download link of the file can be seen at the bottom of the image.
Websites compromised due to injection of JavaScript code
In recent days, a system admin reported to us that his website had been blocked and that his browser flagged the site as malicious despite it being legitimate. For this reason, UNAM’s Computer Emergency Response Team proceeded to analyze it.
Many antivirus engines identified that the website hosted an unwanted program that could be a virus.
Bot hosted on Hotfile's server
UNAM’s Computer Emergency Response Team received a report about an allegedly malicious file named “filrulais.exe” that was hosted on the well-known file hosting website “hotfile.com”. For this reason, we proceeded to analyze the sample.
Phishing website of the gusanito.com portal
A user notified UNAM-CERT about an email that contained an allegedly malicious attachment and, in the body of the message, an IP address that redirected to a malicious portal pretending to be the popular e-card website gusanito.com. This kind of site is known as a phishing site, and its function is to take advantage of users by making them believe that they are navigating a legitimate website.
Virus that infects executable files through an alleged update of the Adobe Flash plugin
Recently, UNAM-CERT received a report about a malicious file that was propagating through the network and that pretended to be an update of the Adobe Flash Player plugin.
Once the website was accessed, it displayed a window to accept the download of the file.
After the download, the file was saved under the name dia11_puxa_cliente2.exe and the following page was displayed, which pretended to be a legitimate Adobe Flash website.
Malware used to generate electronic money – Bitcoins
The use of malicious software for bitcoin mining has been increasing. There are reports of cases where the software propagates itself through the Skype service; however, it is not limited to this service: computers can get infected through different channels, such as websites or infected USB devices.
Email that redirects to a phishing site of the Afirme Bank
SSI/UNAM-CERT received a report about a website that attempted to fake the portal of the Afirme financial group.
The body of the email contained a link to the alleged website, as shown below:
After the link is clicked, the user is redirected to the fake site of the bank. As can be observed, the URL contains the word “afirme” to avoid suspicion and make the user think that the site is legitimate.
Linux machines infected by bots
UNAM-CERT received a report about an allegedly malicious file for Linux operating systems. According to the complainant, the system showed low performance and strange behavior, so we proceeded to analyze the sample.
Active botnets update their software
Likejacking: Hijacking of "Like", a new propagation method on Facebook
On April 12th, the security company Sophos published on its blog a report about a new scam campaign (fraud) that has been propagating through Facebook with the message:
“Dad walks in on daughter... EMBARRASING!!!”