[nsp-sec] Attn Amazon.com (AS14618) - Rimecud URL hosted

Carol Overes Carol.Overes at du.ae
Mon Jan 17 09:02:48 EST 2011


All,

The following URL hosts a Rimecud/Yimfoca binary:

hxxp://icanhaz.com/images7712?=

AS      | IP               | BGP Prefix          | CC | Registry | Allocated  | AS Name
14618   | 204.236.232.122  | 204.236.224.0/19    | US | arin     | 2009-07-07 | AMAZON-AES - Amazon.com, Inc.

The hosted binary changes frequently. Latest seen MD5:

119e88656164a6e1307f3b49493402ab
46169567938e465882b6bfe1d01aa344
779a607a64ab539d5b5b3be9d85105af
caaa1fd9b34d2bffe25bb52087fbd75d
e7e16c7ee93e07403ac74e8f3977294c

Detection rate for 119e88656164a6e1307f3b49493402ab (represents the
detection rate of the other MD5s):
http://www.virustotal.com/file-scan/report.html?id=6dd7473430a3ead3296f5394818215e92a5f92891db4763834336aefef8a91ca-1295271174

The malware is spread via instant messengers.

Kind regards,
Carol Overes


 
Incident Handling and Threat Analyst
Technology

Emirates Integrated Telecommunications Company, PJSC
P.O. Box 502666, Dubai, U.A.E.
