Anyone else seen anything similar? I'm at a loss to understand if this is: a) a really lame targetted attack b) a wide scale attack that we have only heard one example of. Dean On 2/08/11 12:55 PM, Michael Fincham wrote:
Hi list,
Just had a visit to our Christchurch offices from a shady guy claiming "ISPs snoop on all your traffic, you should download this free, secure browser" who then proceeded to hand our tech who answered the door several URLs on a piece of paper.
I can't imagine a world in which the "linked" executable is anything aside from a malware payload, though VirusTotal returns nothing for the file, so it may be new or just creatively packed.
Here's a picture of the piece of paper given to our tech:
http://finch.am/projects/nznog/IMG_20110802_124202.jpg
The URLs on the paper are:
http://www.autoprofits.smartmediaTechnologies .com http://www.autoprofits.smartmediaDesktop .com http://www.autoprofits.smartmediaPays .com
I'm happy to provide a copy of the payload for analysis and I'm sure our tech could give a more thorough description of the chap if anyone wants to take this further.