[tor-relays] Phishy

mick mbm at rlogin.net
Tue Feb 4 10:54:45 UTC 2014


On Mon, 03 Feb 2014 22:33:05 +0100
phrag <phrag at phra.gs> allegedly wrote:

> FYI: Just got this to my Tor relay mail address, with a zip file
> attached extracting to a '.scr' win exe. Curiously routed via
> a .gov.uk mail relay...
> 
> GB03022014.scr: PE32 executable (GUI) Intel 80386, for MS Windows
> 

I don't think there is anything sinister about this. Yesterday, an old
friend of mine sent me the same details relating to an attack he had
seen (completely unrelated to Tor). The attachments he sent me were
confirmed by VirusTotal as containing the Zeus trojan - usually used
in theft of banking credentials.

The fact that the attack appears to come from UK GSI email servers is
odd, but since the NHS website was compromised yesterday (1), I
speculate it may be related - i.e. somebody may be taking a swipe at UK
Gov services for reasons which escape me....

(1)
http://www.theregister.co.uk/2014/02/03/nhs_choices_website_serves_up_100s_of_pages_of_malware/

Mick
---------------------------------------------------------------------

 Mick Morgan
 gpg fingerprint: FC23 3338 F664 5E66 876B  72C0 0A1F E60B 5BAD D312
 http://baldric.net

---------------------------------------------------------------------
