Do not get fooled by Osteomed. Job Offer for Freelancers
Such a letter came the other day -
Hello.
I need to make a website design, on several pages.
Theme is medicine. Here is the old site: www.osteomed-spb.narod.ru
It is necessary to completely redo the design of the site.
Here are some pictures and descriptions of what I want to see on the site,
Download here: narod.ru/disk/17115848000/Foto.rar.html
I am interested in the cost of work and deadlines.
Krestina Lyudmila Sergeevna.
Attached archive, allegedly TZ (the link too). I am in the habit of strangers checking everything I got, it turned out not in vain:
according to virus test
Trojan.MulDrop.60130
Trojan-PSW.Win32. WebMoner .nl
Win32 / TrojanDropper.Delf.NRR
Inside the archive "TZ" supposedly a text file + supposedly jpg. Be careful.
Subject seen on freelance.
The letter came from the address: osteomed-spb@yandex.ru
UPD LMaster : Functional:
1) The program records all keystrokes (keylogger)
2) The malware steals data for authorization from the following programs:
- QIP
- Mail.ru Agent
- Total Commander
- SmartFTP
- OutLook
- ICQ
- The BAT!
- WebMoney
- FireFox
- IE
- Opera
3) All this program sends to the sites:
sitysan.hmsite.net/upload.php
chikoss.hmsite.net/upload.php
Hello.
I need to make a website design, on several pages.
Theme is medicine. Here is the old site: www.osteomed-spb.narod.ru
It is necessary to completely redo the design of the site.
Here are some pictures and descriptions of what I want to see on the site,
Download here: narod.ru/disk/17115848000/Foto.rar.html
I am interested in the cost of work and deadlines.
Krestina Lyudmila Sergeevna.
Attached archive, allegedly TZ (the link too). I am in the habit of strangers checking everything I got, it turned out not in vain:
according to virus test
Trojan.MulDrop.60130
Trojan-PSW.Win32. WebMoner .nl
Win32 / TrojanDropper.Delf.NRR
Inside the archive "TZ" supposedly a text file + supposedly jpg. Be careful.
Subject seen on freelance.
The letter came from the address: osteomed-spb@yandex.ru
UPD LMaster : Functional:
1) The program records all keystrokes (keylogger)
2) The malware steals data for authorization from the following programs:
- QIP
- Mail.ru Agent
- Total Commander
- SmartFTP
- OutLook
- ICQ
- The BAT!
- WebMoney
- FireFox
- IE
- Opera
3) All this program sends to the sites:
sitysan.hmsite.net/upload.php
chikoss.hmsite.net/upload.php
')
Source: https://habr.com/ru/post/81622/
All Articles