Wire Transfer Spam Spreads Upatre
Revision as of 15:25, 14 December 2014 by Eric.freyssinet
Wire Transfer Spam Spreads Upatre | |
---|---|
Botnet | Upatre |
Malware | |
Botnet/malware group | |
Exploit kits | |
Services | |
Feature | |
Distribution vector | |
Target | |
Origin | |
Campaign | |
Operation/Working group | |
Vulnerability | |
CCProtocol | |
Date | 2014 / 2014-12-11 |
Editor/Conference | Microsoft malware protection centre |
Link | http://blogs.technet.com/b/mmpc/archive/2014/12/11/wire-transfer-spam-spreads-upatre.aspx (Archive copy) |
Author | |
Type | Blogpost |
Abstract
“ The attachment contains a malicious ZIP file. We have seen it use the name payment1872.zip, but this can change at any time. The file extracts as an SCR file that imitates a screen saver or an Adobe PDF document as shown in the example below:
Figure 2: The extracted file imitates an Adobe PDF or screen saver
Trojan:Win32/Upatre is installed when this file is opened.
During the past week, our telemetry showed this threat was predominately seen in North America and attempts to compromise both consumer and enterprise machines. ”
Bibtex
@misc{2014BFR338,
  editor = {Microsoft malware protection centre},
  author = {},
  title = {Wire Transfer Spam Spreads Upatre},
  date = {11},
  month = Dec,
  year = {2014},
  howpublished = {\url{http://blogs.technet.com/b/mmpc/archive/2014/12/11/wire-transfer-spam-spreads-upatre.aspx}},
}