[nsp-sec] Attn SoftLayer (AS36351) - Rimecud URL hosted

Carol Overes Carol.Overes at du.ae
Tue Jan 11 02:36:30 EST 2011


All,

The following URL hosts a Rimecud/Yimfoca binary:

hxxp://mochachino1.com/profile.php?=

AS      | IP               | BGP Prefix          | CC | Registry | Allocated  | AS Name
36351   | 208.43.112.232   | 208.43.64.0/18      | US | arin     | 2008-04-22 | SOFTLAYER - SoftLayer Technologies Inc.

The hosted binary changes frequently. Latest seen MD5s:

7b1493a88e78b5c8632a23d2f8025820
bfcdeb23449e8532d5f88a8d28c0ee33
36e3c796455a269d5e9146635e85a530
926fc9cf4e1c4a4fa5208faa0552a04b
f5962ec74b0cc66fa96c5042d39eaeda

Detection rate for f5962ec74b0cc66fa96c5042d39eaeda (represents the
detection rate of the other MD5s):
http://www.virustotal.com/file-scan/report.html?id=55153fdcfc679c02e7579f82ebf262b9c0d55b78f9e2b84bd829d3677b1a1d48-1294654865

The malware is spread via instant messengers.

Kind regards,

Carol Overes
Incident Handling and Threat Analyst
Technology

Emirates Integrated Telecommunications Company, PJSC
P.O. Box 502666, Dubai, U.A.E.

Mobile +971558486469

http://www.du.ae/
