

It begins with the usual SMS message claiming that a parcel has been redirected, and reads as follows: "Post Office: Your parcel has been redirected to your local post office branch due to an unpaid shipping fee." Shall we take a look? The Royal Mail phish in action This is, in effect, the malware portal bouncer on the door, but now they’re yelling about parcel deliveries. What we have with this Royal Mail fake out is an added layer of sophistication. If it says “Chrome, mobile” they’ll be allowed into the heart of the phish.

If it says “Chrome, desktop” the site will send the visitor away. Some phishes are aimed at mobile users only, and will check the browser’s user agent. If none of that is happening, if no screen displaying the desktop is in evidence, the malware assumes “malware research” and doesn’t come out of its shell. Finally, we come to phishing pages.
A fully patched system running security software? Sorry, this is an exclusive party. Another similar check made by malware files when sitting in a virtual testing environment is to look for mouse movements and general desktop activity like an absence of PC screens/monitors. Running an old version of Flash? Come on in.

Redirection Gates act like a kind of bouncer, making sure the right name is down on the list.
There’s no point spending a fortune on an exploit kit if potential victims aren’t running the outdated software required. Similarly, malware portals rely on the right kind of traffic. This is why malware frequently looks for clues that it’s sitting inside a virtual environment, and then refuses to do anything. A lot of analysis is done inside VMs, because it’s cheaper and less time consuming than infecting a “real” PC and then rolling everything back. Malware authors often obscure the inner workings of their code, or prevent files from executing inside a virtual machine. This can take the form of stolen image files, and in other cases they’ll simply hotlink the live images or design instead. But what we haven’t seen while digging into these fake portals is a smattering of what looks to be researcher deterrents. Sometimes these sites will lift bits and pieces from the official pages they happen to be imitating. As a result, many exist in an effort-free zone of “graphic design is my passion”. These bogus pages are often taken down quickly by hosts. The operators know their scam is a case of here today, gone tomorrow. Many fake Royal Mail pages are cookie-cutter efforts existing on borrowed time. Often, the quality of sites we see varies greatly. Royal Mail phish scams are still in circulation, slowly upgrading their capabilities with evasion tools deployed in far more sophisticated malware attacks.
