Log in

No account? Create an account

Previous Entry | Next Entry

Evolution of the W32/Kuluoz malware scam

Well, boys and girls, it looks like the malware distribution I talked about here and here has morphed again. This morning, I started receiving emails that pretend to be DHL delivery notifications, rather than American Airlines ticket sales or FedEx notifications:

As before, the links take you to hacked WordPress or Joomla sites that will examine your browser user-agent. If you're on a Mac or Linux computer, or you're using a modern Windows browser, you'll see a phony 404 Not Found error that looks like this:

If you're using a Windows browser that has vulnerabilities, the link will download a copy of the W32/Kuluoz information and bank password stealing malware.

Stay safe out there.


Apr. 21st, 2013 07:03 pm (UTC)
You know, one would think it's a giveaway that DHL has shuttered almost all of their US operations other than limited commercial (business to business) service in a few areas.