Look for a job, get malware

Posted on by

If you are looking for a job, don’t blindly click on the first offer you see in your mailbox:

The link loads ‘additional information’ (exploit page)

Traffic log:

chinesetruck.ru/car.html
masterisland.net/main.php?page=975982764ed58ec3
chinesetruck.ru/favicon.ico
masterisland.net/Edu.jar
masterisland.net/data/hcp_vbs.php?f=58e0f&d=0
masterisland.net/w.php?f=58e0f&e=0
masterisland.net/w.php?e=5&f=58e0f
prakticalcex.ru/mev/in/
nalezivmordu.in/mev/in/
zorberzorberzu.ru/mev/in/

Here is the login page for the corresponding exploit kit (BlackHole):

One of the exploits (Java) is not detected by any AV on VirusTotal:

Edu.jar (VirusTotal 0/42)

Jerome Segura

One thought on “Look for a job, get malware

  1. Yeah, looks like it’s been a busy period for the scammers. Beware of the spoof emails, and even the innocent looking ones that aren’t asking for your payment details such as the job scam above. More often than not they contain malicious javascript designed to perform CSRF or similar type attacks. If you don’t know who it’s from, bin it – curiosity killed the cat :)

    Reply

Leave a Reply

Your email address will not be published. Required fields are marked *

You may use these HTML tags and attributes: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <strike> <strong>