The Latest in IT Security

Massive Google scam sent by email to Colombian domains, (Wed, Apr 10th)


This morning many users in my city woke up with supposedly good news from a resume they sent to google looking for open positions:

Google SCAM

Of course this scam does not have anything new and innovative to cause a massive impact, but here is the catch: in this part of the world, people love P2P networks and love to download unlicensed content like Windows Operating Systems, music and paid programs so they don't have to pay a cent for it. Since standard security controls like antivirus and Host IPS shows those programs like malicious and then block most of its functionality, there are a huge number of people that disregard such measures to access freely those unlicensed contents.

The file referenced in the e-mail is zip compressed, MD5 4e85b6c9e9815984087f6722498a6dfc. Once uncompressed, you get document.exe, MD5 3e41ab7c70701452d046b93f764564ec. This file is widely recognized by VirusTotal with a 40/46 detection radio. It is a mass mailer with backdoor capabilities. The mass mailer malware description can be found at and the backdoor description can be found at

This little thing caused lots of help desk calls this morning to my company because people complained about very slow internet links without performing any download operations. If you were affected by this malware, please keep in mind the following recommendations:

  • Do not *ever* open attachments from not reliable sources, specially zipped files that have inside exe files. Nothing good can come from it.
  • Do not disable any security controls inside your computer like host IPS, antivirus and personal firewall. If you require to work with software that is blocked by any of these controls and there is no way no enable it through them, it is definitely something you should consider not to use.
  • Malware can control your machine and handle your machine as desired, affecting confidentiality, integrity, availability, traceability and non repudiation of your information. Avoid  performing actions that could materialize such risks like dealing with p2p software.

Manuel Humberto Santander Peláez
SANS Internet Storm Center – Handler
Twitter: @manuelsantander
e-mail: msantand at isc dot sans dot org

Leave a reply



Mission-Critical Broadband – Why Governments Should Partner with Commercial Operators:
Many governments embrace mobile network operator (MNO) networks as ...

ARA at Scale: How to Choose a Solution That Grows With Your Needs:
Application release automation (ARA) tools enable best practices in...

The Multi-Model Database:
Part of the “new normal” where data and cloud applications are ...



Latest Comments