April 20th, 2013

Cylon_raider

Evolution of the W32/Kuluoz malware scam

Well, boys and girls, it looks like the malware distribution I talked about here and here has morphed again. This morning, I started receiving emails that pretend to be DHL delivery notifications, rather than American Airlines ticket sales or FedEx notifications:



As before, the links take you to hacked WordPress or Joomla sites that will examine your browser user-agent. If you're on a Mac or Linux computer, or you're using a modern Windows browser, you'll see a phony 404 Not Found error that looks like this:



If you're using a Windows browser that has vulnerabilities, the link will download a copy of the W32/Kuluoz malware, which steals information and bank passwords.
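One way to spot this user-agent cloaking from the defender's side is to look in web proxy logs for a URL that returned 404 to some browsers and a file to others. This is an added example, not code from the original post; the record layout, the `example.test` URLs, the user-agent strings and the list of download content types are all constructed assumptions.

```python
from collections import defaultdict

# Assumption: content types treated as "a file was served"; adjust to your proxy.
DOWNLOAD_TYPES = {"application/zip", "application/octet-stream",
                  "application/x-msdownload"}

# Constructed sample proxy records: (url, user_agent, status, content_type).
SAMPLE_LOG = [
    ("http://blog.example.test/wp-content/info.php?id=1",
     "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_8_3) Safari/536.28",
     404, "text/html"),
    ("http://blog.example.test/wp-content/info.php?id=1",
     "Mozilla/5.0 (X11; Linux x86_64; rv:20.0) Firefox/20.0",
     404, "text/html; charset=utf-8"),
    ("http://blog.example.test/wp-content/info.php?id=1",
     "Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1)",
     200, "application/zip"),
    # Ordinary broken link: 404 for everyone, so not cloaking.
    ("http://shop.example.test/missing.html",
     "Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1)",
     404, "text/html"),
    # Ordinary download: a file for everyone, so not cloaking.
    ("http://files.example.test/setup.zip",
     "Mozilla/5.0 (X11; Linux x86_64; rv:20.0) Firefox/20.0",
     200, "application/zip"),
]

def find_ua_cloaking(records):
    """Map each URL that gave 404 to some user-agents and a file to others
    to the two groups of user-agents involved."""
    seen = defaultdict(lambda: {"not_found": set(), "download": set()})
    for url, user_agent, status, content_type in records:
        # Drop parameters such as "; charset=utf-8" before comparing.
        media_type = content_type.split(";")[0].strip().lower()
        if status == 404:
            seen[url]["not_found"].add(user_agent)
        elif status == 200 and media_type in DOWNLOAD_TYPES:
            seen[url]["download"].add(user_agent)
    return {url: groups for url, groups in seen.items()
            if groups["not_found"] and groups["download"]}

if __name__ == "__main__":
    for url, groups in find_ua_cloaking(SAMPLE_LOG).items():
        print("possible user-agent cloaking:", url)
        for ua in sorted(groups["download"]):
            print("  served a file to:", ua)
        for ua in sorted(groups["not_found"]):
            print("  served 404 to:   ", ua)
```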

Stay safe out there.