An increase of sophisticated phishing attacks in Sweden
Posted: Thursday, 14 Jul 2016, Author: David Jacoby, SecureList (Kaspersky Lab)

Whilst sitting and working in the South African office I receive an
email from my Swedish ISP. I quickly look at it and there is something
that doesn’t add up. The email states that I need to pay my invoice, but
I never receive electronic invoices from this company.
There has been a huge increase in this kind of phishing email lately,
but it’s the first time I have seen these emails. What makes this
campaign so interesting is that they have not just addressed the email
to me, but also included my child’s name. This is something I have never
seen before. How they got access to my child’s name is not clear; one
speculation is that they compromised a Swedish governmental agency, but
this has to be left unconfirmed.

When you click on the link, it redirects you to a website. This website
checks your country of residence to make sure that you are actually a
Swedish victim. In addition, it profiles your browser by analysing the
User-Agent string.

They check the operating system because the next step in the
campaign is to trick you into downloading a Windows executable. We are
currently investigating what the malware is doing, but from our previous
research it seems that it’s some kind of Cryptolocker.
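
The chain described above (a link that redirects to a website, followed by a Windows executable download) can be hunted for in web proxy logs. The following is an added example, not part of the original post: the log format, hostnames, file names and the 60-second window are all constructed assumptions.

```python
import csv
import io
from datetime import datetime, timedelta
from urllib.parse import urlsplit

# Constructed proxy log (not campaign data):
# time, client, url, status, content type, Location header
SAMPLE_LOG = """\
2016-07-14T09:00:01,10.0.0.5,http://invoice.example/pay?id=1,302,text/html,http://landing.example/se/
2016-07-14T09:00:02,10.0.0.5,http://landing.example/se/,200,text/html,
2016-07-14T09:00:09,10.0.0.5,http://landing.example/se/faktura.exe,200,application/x-msdownload,
2016-07-14T09:05:00,10.0.0.7,http://intranet.example/tools/setup.exe,200,application/x-msdownload,
2016-07-14T09:06:00,10.0.0.8,http://news.example/a,302,text/html,http://news.example/b
2016-07-14T09:06:01,10.0.0.8,http://news.example/b,200,text/html,
"""

EXE_TYPES = {"application/x-msdownload", "application/x-dosexec",
             "application/vnd.microsoft.portable-executable"}
REDIRECTS = {"301", "302", "303", "307", "308"}
WINDOW = timedelta(seconds=60)  # assumed correlation window

def is_executable(url, content_type):
    """True if the response looks like a Windows executable."""
    path = urlsplit(url).path.lower()
    return content_type.lower() in EXE_TYPES or path.endswith((".exe", ".scr"))

def find_redirect_downloads(log_text, window=WINDOW):
    """Return (client, redirecting_url, download_url) for every client that was
    redirected to a host and fetched an executable from it within `window`."""
    recent = {}  # (client, redirect target host) -> (time, redirecting url)
    hits = []
    for ts, client, url, status, ctype, location in csv.reader(io.StringIO(log_text)):
        when = datetime.fromisoformat(ts)
        if status in REDIRECTS and location:
            recent[(client, urlsplit(location).hostname)] = (when, url)
        elif status == "200" and is_executable(url, ctype):
            seen = recent.get((client, urlsplit(url).hostname))
            if seen and when - seen[0] <= window:
                hits.append((client, seen[1], url))
    return hits

if __name__ == "__main__":
    for hit in find_redirect_downloads(SAMPLE_LOG):
        print("redirect followed by executable download:", hit)
```

Only the first client is flagged: the direct intranet download and the redirect that ends on an HTML page do not match the pattern.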

