
Monday, 5 May 2014

[Suspicious trojan / phishing email warning] jasonhall621@gmail.com

Warning: the email below is a suspicious phishing email carrying a trojan. Do not open any web link or attachment in it! Search your mailbox and mark the email below as phishing, but do not delete it; keep it for future reference. If you simply delete it, you will forget that this address has already sent trojan-carrying phishing mail, and you will be just as likely to fall for its next message.

See the email security tips at http://goo.gl/e7gPk6 = http://lihliiposterous.wordpress.com/2010/06/10/%E9%82%AE%E4%BB%B6%E5%AE%89%E5%85%A8%E6%8F%90%E7%A4%BA/

For any suspicious email, save the raw message source, compress it and send it to wlaqgw@gmail.com for analysis and handling advice.
Send a blank email to wlaq-gg+subscribe@googlegroups.com to subscribe to the network security bulletin mailing list and receive timely warnings and technical advice.

From: Julie Morrison <jasonhall621@gmail.com>
Subject: Important notice (do not circulate)!
Attachment: cloud-drive share
Body text:

2014-05-02 21:57 GMT+02:00 Julie Morrison <jasonhall621@gmail.com>:
Initiated by Sheng Xue, chair of the Federation for a Democratic China, and joined by groups and organisations around the world, the "Global Online Congress Commemorating the 25th Anniversary of June 4th" will begin at 8 a.m. Beijing time on 31 May, coordinated with the "Besiege the City" (天下围城) commemoration launched by the overseas democracy movement, to provide an interactive platform for people everywhere, including those inside China who wish to take part in the 25th-anniversary commemoration. This global online congress will run for 6 hours across several online platforms: the main venue is the 6425WebCongress room on the Paltalk server, the secondary venue is the "Global Online Congress Commemorating the 25th Anniversary of June 4th" voice group on the Raidcall server, and live audio will be relayed through several websites and other servers inside and outside China. To guard against network blocking and attacks by Chinese Communist Party internet agents, the organising committee has urgently set up a backup venue in the "6425 Online Congress" voice room and group on the YY server; please download the programs for the above servers and test them. Download address: https://www.mediafire.com/folder/oyn2ab5japhyd/program

Organising Committee, Global Online Congress Commemorating the 25th Anniversary of June 4th

sent from my iPhone

This email is an internal discussion document of FDC Toronto, and everything in it is confidential. Without the formal permission of the original author, no one may distribute, in any form, the contents of this email, the views and positions of the FDC members mentioned in it, or the agreements and disagreements expressed during discussion in the FDC Toronto Google group, to anyone outside FDC Toronto. Thank you for your cooperation.

This email and any files transmitted with it are confidential and intended solely for the use of the individual or entity to whom they are addressed. If you have received this email in error please notify Rollor, the moderator. This message contains confidential information and is intended only for the individual named. If you are not the named addressee you should not disseminate, distribute or copy this e-mail. Please notify the sender immediately by e-mail if you have received this e-mail by mistake and delete this e-mail from your system. If you are not the intended recipient you are notified that disclosing, copying, distributing or taking any action in reliance on the contents of this information is strictly prohibited.

You received this message because you are subscribed to the Google Groups "FDC Canada" group.
To unsubscribe from this group and stop receiving emails from it, send an email to fdc-canada+unsubscribe@googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

You received this message because you are subscribed to the Google Groups "争鸣平台" group.
To unsubscribe from this group and stop receiving emails from it, send an email to zhengmingpingtai+unsubscribe@googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

Sydney platform for supporting China's democratisation (悉尼支持中国民主化工作平台).
To post to this group, send email to sydcndemocracy@googlegroups.com
To unsubscribe from this group, send email to sydcndemocracy-unsubscribe@googlegroups.com

You received this message because you are subscribed to the Google Groups "悉尼支持中国民主化工作平台" group.
To unsubscribe from this group and stop receiving emails from it, send an email to sydcndemocracy+unsubscribe@googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

We are gathering to "June 4th In China Group"
To post, just send email to June4th@googlegroups.com
Send email to June4th+unsubscribe@googlegroups.com to remove
For more options, visit this group at http://www.june4th.net

You received this message because you are subscribed to the Google Groups "June 4th In China" group.
To unsubscribe from this group and stop receiving emails from it, send an email to June4th+unsubscribe@googlegroups.com.
For more options, visit https://groups.google.com/d/optout.


Virus scan reports:
https://www.virustotal.com/zh-cn/file/681ff72dccf3bec9f341c2060c830a93de286f94c59cb241d982fe8dc3e07e87/analysis/1399245907/
https://www.virustotal.com/zh-cn/file/c34e18eee4810a8f6e673b8c3a60ed636edb1aa33232318752ffe3419a1fc626/analysis/1399246419/
https://www.virustotal.com/zh-cn/file/5e7f7f199d1681636e2b906420b15c63818dfdb89cbfce687e0b55eeba4f7fc4/analysis/1399246342/

All three files in the shared folder are reported as carrying the worm WORM_STRAT.GEN-3. The probability that files from three different companies would trigger the same false positive is extremely low, so these three files are highly suspicious: they were probably all injected with the same virus.

Online scan result for raidcall_v8.0.4.exe, downloaded from the cloud-drive share given in the mass email from Julie Morrison <jasonhall621@gmail.com>:
https://www.virustotal.com/zh-cn/file/681ff72dccf3bec9f341c2060c830a93de286f94c59cb241d982fe8dc3e07e87/analysis/1399245907/
Two engines flag it as suspicious. The other two files in the shared folder given in the email have the same suspicious reports.

Compared with other copies of the same version number found online, this file is different, and those copies all scan clean. So the installer shared via the cloud drive in this email may carry a trojan; be careful not to use it. If you need raidcall, download the official version from the original website instead.

As a precaution, when you download executable files such as .exe from email or from untrusted sites, rename them with a non-executable suffix, for example by appending an underscore to make it exe_, so that an accidental double-click cannot run the file and infect the machine.

Copies of the same version, raidcall_v8.0.4.exe, found elsewhere online differ from the file above but are identical to one another:
https://docs.google.com/file/d/0B7R1qxxu5H6OQ3ZaS09OWGpmRlE/edit
http://www.jb51.net/softs/43486.html#down
http://pan.baidu.com/s/1cMLLl
http://pan.baidu.com/s/1iqqr4
http://www.bkill.com/download/raidcall-25888.html
http://www.smzy.com/smzy/down110252.html
http://www.cr173.com/soft/41160.html

Scan result clean:
https://www.virustotal.com/zh-cn/file/329364347eb28c172bb809cdd1c3ebe573676367eda24ab362138a00d48a0e58/analysis/1383200113/
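The checks this post carries out by hand (hashing a downloaded installer, looking its SHA-256 up against the VirusTotal report URLs above, comparing the copies from several mirrors to spot the odd one out, and renaming the file with a non-executable suffix) as an added Python example. This is not code from the post; the SHA-256 values come from the report URLs on this page, while the executable-suffix list, the constructed sample bytes and the temporary-directory demo are assumptions of the example.

```python
"""Triage helpers for a downloaded installer: hash it, compare the hash with the
VirusTotal reports cited on this page, compare copies from several mirrors, and
neutralise the file name until it has been checked."""
import hashlib
import os
import re
import tempfile
from collections import Counter

# SHA-256 values taken from the VirusTotal report URLs on this page.
SUSPICIOUS_SHA256 = {
    "681ff72dccf3bec9f341c2060c830a93de286f94c59cb241d982fe8dc3e07e87",  # raidcall_v8.0.4.exe in the mailed share
    "c34e18eee4810a8f6e673b8c3a60ed636edb1aa33232318752ffe3419a1fc626",  # second file in the mailed share
    "5e7f7f199d1681636e2b906420b15c63818dfdb89cbfce687e0b55eeba4f7fc4",  # third file in the mailed share
}
KNOWN_CLEAN_SHA256 = {
    "329364347eb28c172bb809cdd1c3ebe573676367eda24ab362138a00d48a0e58",  # raidcall_v8.0.4.exe from the other mirrors
    "dab7847da0e268e301874d021e3fe055c743fd2eccc2b61d167db69b5cc496fb",  # raidcall_7.3.4.exe from raidcall.com
}

# A VirusTotal file-report URL carries the sample's SHA-256 as a path segment.
VT_URL_RE = re.compile(r"virustotal\.com/[^/]+/file/([0-9a-fA-F]{64})/")

# Assumed list of suffixes Windows runs on double-click; appending "_" (the post's
# suggestion) turns an accidental click into a harmless "no program to open this" dialog.
EXECUTABLE_SUFFIXES = (".exe", ".com", ".scr", ".bat", ".cmd", ".msi")


def sha256_from_vt_url(url):
    """Return the SHA-256 embedded in a VirusTotal report URL, or None if absent."""
    m = VT_URL_RE.search(url)
    return m.group(1).lower() if m else None


def sha256_of_bytes(data):
    return hashlib.sha256(data).hexdigest()


def sha256_of_file(path, chunk_size=1 << 20):
    """Stream the file so a large installer need not be read into memory at once."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(chunk_size), b""):
            h.update(chunk)
    return h.hexdigest()


def classify(digest):
    """Map a digest to 'suspicious', 'known-clean' or 'unknown' using the page's lists."""
    d = digest.lower()
    if d in SUSPICIOUS_SHA256:
        return "suspicious"
    if d in KNOWN_CLEAN_SHA256:
        return "known-clean"
    return "unknown"


def defang_name(name):
    """raidcall_v8.0.4.exe -> raidcall_v8.0.4.exe_ ; non-executable names are left alone."""
    if name.lower().endswith(EXECUTABLE_SUFFIXES):
        return name + "_"
    return name


def find_outliers(digests_by_source):
    """Given {source: sha256} for copies of one release, return the digest most sources
    agree on and the sources whose copy differs. This is the post's argument: several
    independent mirrors agree with each other, and the mailed copy is the odd one out."""
    if not digests_by_source:
        return None, []
    majority, _ = Counter(digests_by_source.values()).most_common(1)[0]
    outliers = sorted(s for s, d in digests_by_source.items() if d != majority)
    return majority, outliers


def triage(path):
    """Hash a downloaded file, classify it, and rename it to a non-executable suffix
    unless its hash is on the known-clean list. Returns digest, verdict and final path."""
    digest = sha256_of_file(path)
    verdict = classify(digest)
    final = path
    if verdict != "known-clean":
        final = os.path.join(os.path.dirname(path), defang_name(os.path.basename(path)))
        if final != path:
            os.rename(path, final)
    return {"sha256": digest, "verdict": verdict, "path": final}


# Constructed sample bytes standing in for a downloaded installer (not a real PE file).
SAMPLE_BYTES = b"MZ constructed sample, not a real installer\n"


def demo_triage():
    """Write the constructed sample as raidcall_v8.0.4.exe in a temp dir and triage it."""
    tmp = tempfile.mkdtemp()
    path = os.path.join(tmp, "raidcall_v8.0.4.exe")
    with open(path, "wb") as f:
        f.write(SAMPLE_BYTES)
    return triage(path)


if __name__ == "__main__":
    print(demo_triage())
```

Only a hash on the known-clean list leaves the file name untouched; anything unknown is renamed as well, since an unlisted hash is exactly the case (a repackaged or tampered copy) the post warns about. To apply it to a real download, call triage() on the saved path and feed the per-mirror digests into find_outliers().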

The latest version published on the raidcall website, raidcall_7.3.4.exe:
http://www.raidcall.com/download.html

Scan result:
https://www.virustotal.com/zh-cn/file/dab7847da0e268e301874d021e3fe055c743fd2eccc2b61d167db69b5cc496fb/analysis/1399123012/

Several other differently packaged copies, whose scan results are mostly clean:
http://www.hack44.cn/soft/sort0126/sort0127/2013110527873.html
https://www.virustotal.com/zh-cn/file/4a5995362bfea246b4796666f904d290af992909784613e92195f0e69836e40e/analysis/1399248518/

http://sptuner.blogspot.nl/2013/10/rc-raidcall-v804.html
https://www.virustotal.com/zh-cn/file/5d7d06cf416cf2bb806b1e9e479c049c247617c822da545d721d044580adafae/analysis/1399248708/

http://www.cngr.cn/dir/210/282/20130828101472.html
https://www.virustotal.com/zh-cn/file/583dd502a1b97cd121d312450ff6da5148994972f3f59c8d5bd3e314dac80926/analysis/1399250573/
