Tuesday, 31 May 2016

Massive ransomware campaign served from compromised Joomla-based sites, targeting Endesa customers

Endesa is the largest electric utility company in Spain. A ransomware campaign has recently been discovered that uses a fake Endesa invoice for an unusually large amount, so that the victim is tempted to open the attachment or follow the link to "verify" it. A clever social engineering move.

More details and the full list of domains involved can be found in the CSIRT-CV alert.

The interesting part of this new ransomware campaign is that most of the domains hosting the malicious scripts run the popular Joomla CMS. The hosts involved (as listed in the alert) follow, with the status noted for each at the time of writing:

hxxp://endesa-clientes .com / not available
hxxp://yamg.endesa-clientes .com / not available
hxxp://www.endesa-clientes .net / not available
hxxp://ojj.endesa-clientes .com / not available
hxxp://wtde.endesa-clientes .com / not available
hxxp://y2l6.endesa-clientes .com / not available
hxxp://rogaska-crystal .com / report
hxxp://itlearning .ma / not available
hxxp://nrmac .org / not available
hxxp://craferscottages .com.au / report
hxxp://sigortaci .net / report
hxxp://quality-managers .org / report
hxxp://tendearteplast .com / report
hxxp://gettingmarried .ie / report
hxxp:// / report
hxxp://tl6q.procura-italia .net / not available
hxxp://qln.myenel24 .net / not available
hxxp://qln.myenel24 .org / not available
hxxp://swisshalley-sale .ru / report (the only one running an old WordPress instead of Joomla)
hxxp://heroes-of-the-middle-ages .ru / report
hxxp://securitysolutionshow .it / not available
hxxp:// / not available
hxxp://asge .ru / report
hxxp://ensarkarot .com / report
hxxp://faam .com / report
hxxp:// uk / report
hxxp://ipecho .net / report
hxxp://ultimchem .com / report

Judging by the compromised sites, this campaign appears to be leveraging the critical Joomla vulnerability CVE-2015-8562: a PHP object-injection bug in the way Joomla stored browser headers (User-Agent, X-Forwarded-For) in its session table, which gave unauthenticated remote code execution on Joomla 1.5.0 through 3.4.5 and was fixed in 3.4.6 (December 2015). Anyone still running an older Joomla should assume the site may already be compromised: update first, then check the web server logs for serialized PHP objects (strings such as O:21:"JDatabaseDriverMysqli") in the User-Agent field.
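As an added example (not code from the original post or from the CSIRT-CV alert), here is a small triage script for that CVE-2015-8562 angle. It scans Apache/nginx "combined"-format access logs for serialized PHP objects in the User-Agent field, flags the gadget classes used by the public PoCs (JDatabaseDriverMysqli, JSimplepieFactory, SimplePie) and the 4-byte UTF-8 truncation bytes the exploit relied on, and parses Joomla's version.php to decide whether the install falls in the affected range. It assumes the stock combined log format (which does not record X-Forwarded-For, the other injection point, so that header is not covered) and the stock RELEASE/DEV_LEVEL layout of version.php; the log lines and the version.php snippet are constructed for illustration.

```python
"""Triage helpers for CVE-2015-8562 (Joomla session/User-Agent object injection).

Added example, not code from the original post. The sample log lines and the
version.php fragment are constructed for illustration.
"""
import re
from dataclasses import dataclass, field

# Apache/nginx "combined" format. The User-Agent is the last quoted field and may
# contain escaped quotes (\"), so it is matched greedily up to the final quote.
COMBINED_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] "(?P<request>[^"]*)" '
    r'(?P<status>\d{3}) \S+ "(?P<referer>[^"]*)" "(?P<ua>.*)"$'
)

# A serialized PHP object looks like O:<len>:"<Class>":<n>:{...}. In Apache logs
# the quotes inside the header arrive escaped, hence the optional backslashes.
PHP_OBJECT_RE = re.compile(r'O:\d+:\\?"(?P<cls>[A-Za-z0-9_]+)\\?":\d+:\{')

# Gadget classes used by the public PoCs for this bug.
GADGET_CLASSES = {"JDatabaseDriverMysqli", "JSimplepieFactory", "SimplePie"}

# The exploit appends a 4-byte UTF-8 character (e.g. \xf0\x9d\x8c\x86) so that
# MySQL truncates the stored session; Apache logs such bytes as \xhh escapes.
FOUR_BYTE_UTF8_RE = re.compile(r'\\xf[0-4]\\x[89ab][0-9a-f]', re.IGNORECASE)


@dataclass
class Hit:
    ip: str
    time: str
    request: str
    classes: list = field(default_factory=list)
    truncation_trick: bool = False

    @property
    def severity(self):
        """high: known gadget class; medium: any serialized object; low: only the truncation bytes."""
        if set(self.classes) & GADGET_CLASSES:
            return "high"
        if self.classes:
            return "medium"
        return "low"


def scan_line(line):
    """Return a Hit if the User-Agent of one combined-format log line looks like an injection attempt."""
    m = COMBINED_RE.match(line.rstrip("\n"))
    if not m:
        return None
    ua = m.group("ua")
    classes = [c.group("cls") for c in PHP_OBJECT_RE.finditer(ua)]
    trunc = bool(FOUR_BYTE_UTF8_RE.search(ua))
    if not classes and not trunc:
        return None
    return Hit(m.group("ip"), m.group("time"), m.group("request"), classes, trunc)


def scan_log(lines):
    """Scan an iterable of log lines and return the hits in order."""
    return [h for h in (scan_line(l) for l in lines) if h is not None]


# Joomla 3.x: public $RELEASE = '3.4'; public $DEV_LEVEL = '5';  (1.5/2.5 use var/const)
VERSION_RE = re.compile(r"""\$?RELEASE\s*=\s*['"](\d+)\.(\d+)['"]""")
DEV_LEVEL_RE = re.compile(r"""\$?DEV_LEVEL\s*=\s*['"](\d+)['"]""")


def joomla_is_vulnerable(version_php):
    """Parse the contents of Joomla's version.php. 1.5.0 through 3.4.5 are affected; 3.4.6 shipped the fix."""
    rel = VERSION_RE.search(version_php)
    dev = DEV_LEVEL_RE.search(version_php)
    if not rel or not dev:
        raise ValueError("could not find RELEASE/DEV_LEVEL in version.php")
    version = (int(rel.group(1)), int(rel.group(2)), int(dev.group(1)))
    return (1, 5, 0) <= version < (3, 4, 6)


# --- constructed sample data (not taken from the original post) ---
SAMPLE_LOG = [
    '203.0.113.7 - - [31/May/2016:10:14:02 +0200] "GET /index.php HTTP/1.1" 200 5123 "-" '
    '"Mozilla/5.0 (Windows NT 6.1; rv:46.0) Gecko/20100101 Firefox/46.0"',
    '198.51.100.23 - - [31/May/2016:10:14:09 +0200] "GET / HTTP/1.1" 200 5123 "-" '
    '"}__test|O:21:\\"JDatabaseDriverMysqli\\":3:{s:1:\\"a\\";O:17:\\"JSimplepieFactory\\":0:{}'
    's:18:\\"disconnectHandlers\\";a:1:{i:0;a:2:{i:0;O:9:\\"SimplePie\\":0:{}i:1;s:4:\\"init\\";}}}'
    '\\xf0\\x9d\\x8c\\x86"',
    '192.0.2.55 - - [31/May/2016:10:15:30 +0200] "GET /index.php HTTP/1.1" 200 5123 "-" '
    '"curl/7.47.0 O:8:\\"stdClass\\":0:{}"',
]

SAMPLE_VERSION_PHP = """
class JVersion
{
    public $RELEASE = '3.4';
    public $DEV_LEVEL = '5';
}
"""

if __name__ == "__main__":
    for hit in scan_log(SAMPLE_LOG):
        print(hit.severity, hit.ip, hit.time, hit.request, hit.classes, hit.truncation_trick)
    print("vulnerable:", joomla_is_vulnerable(SAMPLE_VERSION_PHP))
```

A "high" hit from a host whose Joomla is in the affected range is a strong sign the site was exploited rather than merely probed; the stdClass case in the last sample line is the kind of generic scanner noise the medium tier catches. The script only sees what the log format records, so on a reverse-proxied site also inspect the X-Forwarded-For values if the proxy logs them.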

