Fake DHL email leads to malware download

The Computer Emergency Response Team UNAM-CERT received a notification about an email that reached Hotmail users' inboxes and apparently comes from the DHL parcel service. The email is shown below:




Ransomware variant that impersonates the Mexican Federal Police


In a previous post on this blog, we analyzed a malware sample whose goal is to extort money by hijacking the user's session once the computer is infected. Several ransomware cases impersonating the Federal Police have recently been reported to the Computer Emergency Response Team UNAM-CERT. The lock window on the computer is shown below:




Trojan impersonates the identity of gusanito.com


The Computer Emergency Response Team UNAM-CERT received a report about an email campaign leading to the download of a suspected malicious executable file. The file pretended to be a legitimate postcard from the widely known gusanito.com site, so UNAM-CERT proceeded to analyze the sample. The body of the email is shown below:





Ransomware impersonates the identity of the Federal Police


UNAM-CERT received a report of a suspected malicious file blocking the user session on the computer where it was running.


This type of malware, which hijacks the information on a computer or the infected user's session, is commonly called "ransomware". Ransomware usually keeps the infected computer blocked until the victim pays the fee demanded by the attacker. The image below shows the template the malware uses to block the victim's session:





Backdoor on GNU/Linux


The Computer Emergency Response Team UNAM-CERT received a report about a possibly malicious executable file for GNU/Linux operating systems.

While it is well known that plenty of malware exists for Windows operating systems, users should not rule out the development of malware for GNU/Linux and Mac OS operating systems, which, even though to a lesser degree, are not exempt from this type of threat.




ZeuS trojan hosted on an MX domain

UNAM-CERT received a report about an executable file that appears to be malicious. The binary was hosted on an MX domain under the name "BC-62016.exe".




Fake Java Update opens a backdoor in Windows

UNAM-CERT received a notification about a suspicious web site that leads to the installation of new Java software.

In the past few days, updates to the well-known Oracle software have been a trending topic for both IT professionals and users around the world, due to recent security flaws that have come to light and put users' safety at risk.



Email stealing the identity of Santander Bank


UNAM-CERT received a notification reporting a possible identity theft campaign. The threat arrives by email as a warning of possible fraud in a Telcel payment.




As you can see, the fraudulent site looks similar to the legitimate bank site; however, the address shown in the address bar is not that of the original site.






Fake E-mail from tarjetasbubba.com

The Computer Emergency Response Team UNAM-CERT received a report about a suspicious email campaign apparently from the tarjetasbubba.com service. A link contained in the message body led to the malware.