Wicked

  1. Long story short, there is a massive phishing campaign going on, assisted by fake news, and the email contains some links such as these. I am here to report these; VirusTotal is unable to detect anything, but the behavior is suspicious already.

     Save this JavaScript, might be dangerous and relevant for the analysis, it's obfuscated (came from the source code of one of the following links): https://api.b2c.com/api/init-607fc50a7q9gbqtx6p6.js

     The hyperlinked text in the email redirects to several URLs like these:

     http://service.comms.yahoo.net/T/v40000016d4bd6ef6d8f2bd6f4bbc782e8/d851160d7f5b444c0000021ef3a0bcc4/d851160d-7f5b-444c-9bac-3f9f9003f12a?__F__=v0fUYvjHMDjRPMSh3tviDHXIoXcPxvDgUUCCPvXMWoX_0JoZLAZABQFyuCvepFzO6Gi_7mTyxpEHBeobYfYuMKxKF30_nRv5kdBS5o8DWw7zWwaKHPicgJEbi2mIcO09HMayTwoan5hE1cmytgCJaAhI-l7ev-4o3mj7drBut5GMaWk_bdZMloV8tbO0p0IuS3g9LFpxs-MrZZXFvv1IUW9mIDinWMAisyKO0YxWWoDaYakLM-WjT6-28_oIzktSoIRFnqNi6mzOj05IBTsE4voYqZwAj-6-kW3WL2ZdHK1elojTfMIXhkIQ==

     http://service.comms.yahoo.net/T/v40000016d4bd6ef6d8f2bd6f4bbc782e8/d851160d7f5b444c0000021ef3a0bcc5/d851160d-7f5b-444c-9bac-3f9f9003f12a?__F__=v0fUYvjHMDjRPMSh3tviDHXIoXcPxvDgUUCCPvXMWoX_0JoZLAZABQFzPG-zH7Z8Axr6nl0B3NK8Oe7rrqH8l-9KF30_nRv5kdIFdJ4JByjkh0LDjb0_vYeMF5FrNsmjk0yCxHOQEea5D71LZ16xxHfU-jLNCm8kZ2NWSpuVhwfSZWa1u0svKt6VG3qmegcJmKUTqBQwYa1FGa-jt3plckiARUTd_iNt21hpVWCd3eWlnbNU1oow4p0wVzMEaYF6wgVH6Io0XoMus8whCpPOrU82IAxf9c_Kl7FxRBMDLJOe1zYKSDKyTEiq7jrk9JUCdWt9YwW13jtHo=

     Which come from a realistic phishing email, as shown:

     The final URL is: www.YahooDataBreachSettlement.com

     Notice yahoo.net rather than yahoo.com
  2. Hello everyone, today I was searching the web and I realized that some websites have popups that open one certain domain, which by itself redirects the client to an advertisement page in a specific language. None of the websites/domains were detected as dangerous, but they are quite annoying and I believe most are unwanted and potentially dangerous, and I was thinking if there was a way to block them on our own choice.

     I figured out that we can't do this, so I was going to suggest MBAM to add the opposite of "Exclusions". (I don't feel like paying for some sort of parental control third-party software or extension just for one browser; I wanted something really in MBAM that allowed me to block a possible threat no matter how I access it.)

     Either in the exclusions tab or quarantine tab, there could be a button like "Add Threat", select "File/URL" checkbox (optionally a checkbox for something such as "Send for False Negative analysis", but this one would probably give you a lot of work, especially if people sent files randomly; captcha would help, I guess?). So we could block URLs at least, hopefully files too, and optimally having a way to submit them to you when we find them suspicious.

     Thanks for your time!

     An example of an advertising-related website that annoys me from time to time: https://www.virustotal.com/en/ip-address/35.188.59.75/information/

     Final note: I'm free of adware and malware, I do regular full scans with MBAM & other antiviruses, AdwCleaner, etc.