The email is as follows:
As can be seen, the links lead to the URL shortener Bit.ly, so that this site is used to hide the true destination of the link which is an IP address, where a harmful file is hosted: http://[DELETED].46.35.138/Images/Dispositivo_2011.asp. From there the file Dispositivo_2011.exe which is a banking Trojan is downloaded.
The interesting thing is that in less than two hours since the criminals launched the fake emails, they have achieved the interesting amount of 500 downloads of the malware, as can be seen in the details of the shortened URL:
It is important to remember that criminals use shorteners as a tool but we can also do it and in the case of Bit.ly you can check the URL and place the "+" sign after it to know the real destination of the redirect. For example: http://bit.ly/seguinfo+
In the event that it is not Bit.ly, another way to check short URLs is to use services such as LongURL (which also has an extension for Firefox), ExpandURL or KnowURL
Cristian from the Segu-Info Newsroom
- Publicidad -
