Fresh Spear Phishing Scam Impersonates EFF

Security researchers have intercepted one fresh spear phishing scam, which utilizes one URL pretending to be EFF (Electronic Frontier Foundation) a digital rights syndicate, published theinquirer.net dated August 28, 2015.

EFF states that the fake URL within the targeted malware scheme has been created for making people artificially believe in the domain.

Within one blog post, EFF said that it, a global non-profit syndicate in USA, advised Web-surfers for being wary of an URL namely electronicfrontierfoundation.org that had been utilized within certain targeted spear phishing assault albeit the attack's targets weren't clearly known. Theinquirer.net published this.

Apparently, the assault is somewhat advanced while it utilizes one just found Java exploit a 0-day exploit, first known within 2 years.

A spear phishing e-mail sent to the target carries one web-link leading onto one unusual URL on the malevolent electronicfrontierfoundation.org site. When followed, this URL diverts onto one more unusual URL named http://electronicfrontierfoundation.org/url/{6_random_digits}/Go.class that has one Java applet abusing a flawed Java edition.

Subsequently, on getting the Java payload, the associated URL is deactivated that'll no more produce malicious software so that malware analysts won't be able to detect it. With the attacker thus managing in executing any program of his choice on the victim's system because of the Java attack code, it becomes possible for him to pull down another payload that's one binary program for getting run on the PC of the just caught victim.

Disturbingly, the binary downloaded in the second phase could not be regained; nevertheless, the filename and path utilized within other Pawn Storm assaults are the same indicating possibly use of identical malicious script called Sednit. This malware gets pulled into the home directory of the logged-in Web-surfer (operating Windows PC), having one arbitrarily created filename that is then run. Upon execution, the malware clasps many different services followed with pulling down one Dynamic Link Library (DLL) file that's run and linked up with one C&C system where it seemingly checks if the attacked person is the intended one after which it runs a keylogger alternatively modules of some other kind depending on what the attacker requires.

» SPAMfighter News - 9/7/2015