Desenmascara.me

How to verify whether a website is legitimate or not?: desenmascara.me

Tuesday, May 31, 2016

Massive ransomware campaign using compromised Joomla-based sites targets Endesa customers

Endesa is the largest electric utility company in Spain. A ransomware campaign was recently discovered that uses a fake invoice for a huge amount to trick users into verifying it. A clever social engineering move.

More details and the full list of domains involved can be found in the CSIRT-CV alert.

The interesting part of this new ransomware campaign is that most of the domains hosting the malicious scripts run the popular Joomla CMS.



Based on the compromised sites, it seems this campaign is leveraging the critical vulnerability CVE-2015-8562.
 
