Wednesday, 27 March 2013

Air Canada order confirmation notice

The fake message:


Dear Customer,


Your credit card has been successfully processed.

FLIGHT NUMBER CA638528ZP
ELECTRONIC 746281562
DATE & TIME / March 30th, 2013, 10:30 AM
ARRIVING / Montreal
TOTAL PRICE / 320.33 CAD

Please download and print your ticket from the following URL : https://www.aircanada.com/travelInformation/viewOrderInfo.do?ticket_number=746281562&acton=download&fid=CA638528ZP
For more information regarding your order, contact us by visiting : http://www.aircanada.com/en/customercare/index.html


Thank you for choosing Air Canada


The trick is in the highlighted link, which hides a link to a zip file:

</font><=
a href=3D"http://pegasuscomputer.net/t4028/pdf_aircanada_CA638528ZP.zip=
"><font size=3D"3" color=3D"#0000FF" face=3D"Arial"><u>https://www.airc=
anada.com/travelInformation/viewOrderInfo.do?ticket_number=3D746281562&=
amp;acton=3Ddownload&amp;fid=3DCA638528ZP</u></font></a><font size=3D"3=
" face=3D"Arial"><br>


Although the user clicked the link, the file is not on the computer. SOPHOS finds no infection.
This is probably because the download was cancelled quickly enough. The file is supposed to extract to an scr file, and the trojan is supposed to create three files: ILEC.EXE and two hxxp*.zip
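The mismatch shown in the snippet above can be checked automatically. The following is an added example, not part of the original post: it decodes a quoted-printable HTML body and reports every link whose visible text is a URL on a different host than its `href`. The function and class names and the sample hosts are assumptions made for illustration.

```python
import quopri
from html.parser import HTMLParser
from urllib.parse import urlsplit

class AnchorCollector(HTMLParser):
    """Collect (href, visible text) for every <a> element."""
    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.anchors, self._href, self._text = [], None, []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href") or "", []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.anchors.append((self._href, "".join(self._text).strip()))
            self._href = None

def mismatched_links(qp_body: bytes):
    """Return anchors whose visible text is a URL on a different host than the href."""
    # Undo quoted-printable first: "=3D" becomes "=", "=\r\n" soft breaks vanish.
    html = quopri.decodestring(qp_body).decode("utf-8", errors="replace")
    parser = AnchorCollector()
    parser.feed(html)
    parser.close()
    findings = []
    for href, text in parser.anchors:
        # Only anchors whose label itself claims to be a URL are compared.
        if text.lower().startswith(("http://", "https://", "www.")):
            shown = urlsplit(text if "://" in text else "//" + text).hostname
            actual = urlsplit(href).hostname
            if shown and actual and shown != actual:
                findings.append({"shown": shown, "actual": actual, "href": href})
    return findings

# Constructed sample in the same shape as the snippet above (placeholder hosts).
SAMPLE = (
    b'<a href=3D"http://files.example.net/t1/pdf_ticket.zip=\r\n'
    b'"><u>https://www.airline.example/view.do?id=3D1&=\r\n'
    b'amp;fid=3DX</u></a> <a href=3D"http://www.airline.example/">www.airline.example</a>'
)

if __name__ == "__main__":
    print(mismatched_links(SAMPLE))
```

The comparison is an exact host match, so legitimate mail that routes links through a click-tracking domain is also reported; treat a finding as a triage signal.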
