Wire Transfer Spam Spreads Upatre
Wire Transfer Spam Spreads Upatre | |
---|---|
Botnet | Upatre |
Malware | |
Botnet/malware group | |
Exploit kits | |
Services | |
Feature | |
Distribution vector | |
Target | |
Origin | |
Campaign | |
Operation/Working group | |
Vulnerability | |
CCProtocol | |
Date | 2014 / 2014-12-11 |
Editor/Conference | Microsoft malware protection centre |
Link | http://blogs.technet.com/b/mmpc/archive/2014/12/11/wire-transfer-spam-spreads-upatre.aspx (Archive copy) |
Author | |
Type | Blogpost |
Abstract
“The attachment contains a malicious ZIP file. We have seen it use the name payment1872.zip, but this can change at any time. The file extracts as an SCR file that imitates a screen saver or an Adobe PDF document as shown in the example below:
Figure 2: The extracted file imitates an Adobe PDF or screen saver
Trojan:Win32/Upatre is installed when this file is opened.
During the past week, our telemetry showed this threat was predominately seen in North America and attempts to compromise both consumer and enterprise machines.”
Bibtex
@misc{2014BFR338,
  editor = {Microsoft malware protection centre},
  author = {},
  title = {Wire Transfer Spam Spreads Upatre},
  date = {11},
  month = Dec,
  year = {2014},
  howpublished = {\url{http://blogs.technet.com/b/mmpc/archive/2014/12/11/wire-transfer-spam-spreads-upatre.aspx}},
}