Ransomware impersonates the US Postal Service

The email impersonates the US Postal Service (USPS) and redirects to a web page posing as Microsoft Word Online. The fake Microsoft Word Online page claims that the latest plugin is required and asks victims to install a file named plugin.exe, which is actually malware.

This ransomware is called Mole and is a variant of CryptoMix. The attackers update the .exe quickly: within one day it went from infecting the computer with Mole alone to also infecting it with Kovter and Miuref.

The subject lines of the infected emails were:

ATTENTION REQUIRED: INFO ON YOUR IMPENDING REFUND

ATTENTION REQUIRED: INFORMATION ON YOUR LATEST REFUND

ATTENTION REQUIRED: you are legally obliged to review the status of your shipment

AUTOMATED letter: refund information

AUTOMATED notice in regards to your item’s status

AUTOMATED notification: refund information

AUTOMATED USPS notification: your shipment has been postponed

AUTOMATED USPS OFFICIAL LETTER CONCERNING YOUR SHIPMENT

AUTOMATED USPS statement: your package has been delayed

AUTOMATIC letter: moneyback information

AUTOMATIC notice concerning your package’s location

AUTOMATIC notice: refund information

AUTOMATIC notification in regards to your package’s status

AUTOMATIC notification regarding your order’s location

IMMEDIATE ATTENTION NEEDED: your parcel’s been delayed

IMMEDIATE ATTENTION REQUIRED: your parcel’s been delayed

IMPORTANT USPS customer support letter

IMPORTANT USPS REFUND INFO

IMPORTANT USPS REFUND INFORMATION

IMPORTANT USPS system notice

Major problems reported to the USPS support team

Major trouble reported to the USPS customer support

Official letter from USPS support team

Official letter in regards to your parcel

Official notice from USPS support team

Official notification concerning your package

Official notification from USPS

Official notification from USPS customer support team

OFFICIAL USPS MONEYBACK INFO REGARDING YOUR ITEM

OFFICIAL USPS MONEYBACK INFORMATION

Official USPS notification concerning your package

PROMPT ACTION NEEDED: your order’s been delayed

PROMPT ATTENTION NEEDED: your item’s been delayed

There has been an issue with your package

There’s been an issue with your package

URGENT USPS customer support letter

URGENT USPS customer support notification

URGENT USPS MONEYBACK INFORMATION REGARDING YOUR ITEM

URGENT: notice of postponement of your order

USPS CLIENT IMPORANT NEW DETAILS REGARDING YOUR PACKAGE

USPS CLIENT IMPORANT NEW INFORMATION REGARDING YOUR ITEM

USPS customer support notification: your order has been postponed

USPS OFFICIAL LETTER regarding your parcel

USPS official letter: big problems with your shipment

USPS official letter: serious issues with your order

USPS official letter: serious problems with your shipment

USPS official notice: serious trouble with your parcel

USPS official notification: serious issues with your package

USPS system notice: your package has been delayed

USPS system notification: your package has been delayed

USPS URGENT LETTER concerning your item

USPS USER URGENT NEW INFO IN REGARDS TO YOUR PARCEL

WARNING: DETAILS ON YOUR IMPENDING REFUND

WARNING: INFORMATION ON YOUR LATEST REFUND

WARNING: ISSUES WITH YOUR SHIPMENT

WARNING: PROBLEMS WITH YOUR PACKAGE

WARNING: TROUBLE WITH YOUR ITEM

WARNING: TROUBLE WITH YOUR SHIPMENT

WARNING: you are legally obliged to check the status of your order
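
The subject lines above can be used as a mail-filter indicator. The following is an added example, not part of the original post: it decodes a message's Subject header (including MIME encoded-words), normalizes case, apostrophe style, reply prefixes and whitespace, and checks it against the list. `CAMPAIGN_SUBJECTS` holds only a subset of the list above, and the sample messages and function names are constructed for illustration.

```python
import email
import re
import unicodedata
from email import policy

# Subset of the subject lines listed above; load the full list in practice.
CAMPAIGN_SUBJECTS = [
    "ATTENTION REQUIRED: INFO ON YOUR IMPENDING REFUND",
    "AUTOMATED notice in regards to your item’s status",
    "IMMEDIATE ATTENTION NEEDED: your parcel’s been delayed",
    "There’s been an issue with your package",
    "USPS CLIENT IMPORANT NEW DETAILS REGARDING YOUR PACKAGE",
    "WARNING: you are legally obliged to check the status of your order",
]

# Leading "Re:" / "Fw:" / "Fwd:" chains added by mail clients.
_REPLY_PREFIX = re.compile(r"^(?:(?:re|fwd?)\s*:\s*)+", re.IGNORECASE)


def normalize_subject(subject: str) -> str:
    """Fold case, apostrophe style, reply prefixes and whitespace."""
    text = unicodedata.normalize("NFKC", subject)
    text = text.replace("\u2019", "'").replace("\u2018", "'")
    text = _REPLY_PREFIX.sub("", text.strip())
    return " ".join(text.split()).casefold()


_KNOWN = {normalize_subject(s) for s in CAMPAIGN_SUBJECTS}


def matches_campaign(raw_message: bytes) -> bool:
    """Return True if the decoded Subject header is one of the listed lures."""
    # policy.default unfolds the header and decodes RFC 2047 encoded-words.
    msg = email.message_from_bytes(raw_message, policy=policy.default)
    subject = msg["Subject"]
    return subject is not None and normalize_subject(str(subject)) in _KNOWN


# Constructed sample messages (not real captures).
SAMPLE_ENCODED = (
    b"From: sender@example.com\r\n"
    b"Subject: =?utf-8?Q?There=E2=80=99s_been_an_issue_with_your_package?=\r\n"
    b"\r\nbody\r\n"
)
SAMPLE_BENIGN = b"From: a@example.com\r\nSubject: Your tracking number\r\n\r\nbody\r\n"

if __name__ == "__main__":
    print(matches_campaign(SAMPLE_ENCODED), matches_campaign(SAMPLE_BENIGN))
```

Exact matching on the subject only catches the wording already published; the page notes the attackers changed the payload within a day, so treat a hit as a reason to inspect the message, not as the sole control.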

Sources: http://researchcenter.paloaltonetworks.com/2017/04/unit42-mole-ransomware-one-malicious-spam-campaign-quickly-increased-complexity-changed-tactics/

Alive Systems