Wire Transfer Spam Spreads Upatre

From Botnets.fr
Jump to navigation Jump to search

(Publication) Link to the old Wiki page : [1] / Google search: [2]

Wire Transfer Spam Spreads Upatre
Botnet Upatre
Malware
Botnet/malware group
Exploit kits
Services
Feature
Distribution vector
Target
Origin
Campaign
Operation/Working group
Vulnerability
CCProtocol
Date 2014 / 2014-12-11
Editor/Conference Microsoft malware protection centre
Link http://blogs.technet.com/b/mmpc/archive/2014/12/11/wire-transfer-spam-spreads-upatre.aspx (Archive copy)
Author
Type Blogpost

Abstract

The attachment contains a malicious ZIP file. We have seen it use the name payment1872.zip, but this can change at any time. The file extracts as an SCR file that imitates a screen saver or an Adobe PDF document as shown in the example below:

Extracted Upatre file

Figure 2: The extracted file imitates an Adobe PDF or screen saver

Trojan:Win32/Upatre is installed when this file is opened.

During the past week, our telemetry showed this threat was predominately seen in North America and attempts to compromise both consumer and enterprise machines.

Bibtex

 @misc{empty2014BFR338,
   editor = {Microsoft malware protection centre},
   author = {},
   title = {Wire Transfer Spam Spreads Upatre},
   date = {11},
   month = Dec,
   year = {2014},
   howpublished = {\url{http://blogs.technet.com/b/mmpc/archive/2014/12/11/wire-transfer-spam-spreads-upatre.aspx}},
 }