⬆️ ⬇️

Classmates, series two!

Hear, O Habraludi! Went the second wave of spam aimed at Odnoklassniki users!



Just an hour ago, a friend sent a new version of spam. This time, the HTML-letter is used, thus there is the possibility of hiding the real address: the user sees the address www.odnoklassni.ru//mi?l=E5T6FL84699FL31P1J6D4115115M0CLMV4KE55L , and the link leads to www.odnoklassniki.ru._ bitten_.cn / sen / index. php



At this address there is a double-encrypted JS, which eventually writes code to the page for the operation of nine! various vulnerabilities. As a result, Trojan.DownLoader.62869 is loaded onto the computer.

')

In the evening, I think there will be technical details. Parsing files of the first wave in my blog ;-)

Source: https://habr.com/ru/post/26738/



All Articles