
Yes, it’s a ridiculous spam, but the malware it delivers is a rather nasty spambot. As Adam here says, “This is a very hard-to-remove spambot (full kernel malware), capitalizing on recent news events.”


The spam uses a redirect through Google (quite common these days) to deliver the user to the malware site. The initial payload is a trojan downloader (VT report here), which then pulls down the spambot, which we label as Trojan.Crypt.XPACK.Gen (VT report here).

Alex Eckelberry
(Thanks Adam)

