3/17/2024 0 Comments Windows r key scamThe WordPress website posing as Windows Support.Ĭlicking the ‘Microsoft’ image will download WindowsUpdate.bat and hitting the ‘Download Now’ button downloads the key.rar archive file. Should the victim click the hyperlink provided by the second email sample will redirect to the WordPress web page below:įigure 4. Emails implying that a Windows OS License is expired. In the second email sample, the hyperlink uses a short URL service that leads to a WordPress website.įigure 3. An email written in French, and translated in English, asking the user to update its computer. In the first email sample, the hyperlink provided will directly download a batch file, WindowsUpdate.batįigure 2. The email "From:" address is: followed by some digits. Recently, have seen an email spam campaign pretending to be an important update for your computer. The ransom demanded in this case was in the form of Google Play Cards.īelow is an overview of the process from the email hyperlinks, file downloads, to how these files are installed and work in the victim’s computer. This screen locker ransomware variant locks the user's screen and demand a ransom rather than the typical file encryption style ransomware. With a bit of modification, the script works like ransomware, without the hassle of having to compile a portable executable. We recently came across a case where the scammer reused some existing scripts to phish and scam - copy and paste style. Email scammers always seem to invent new ways of trickery to gain cash from their victims.
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |