Site: customers.invoice-appmy.0rg/B4VByTbwk4/customer.php?h=Ym8ubHVuZHN0cm9tQGdlLmNvbQ0K
IP: 118.67.250.91
Exploits a Graphical exploit in Word
You can also find it here: http://www.malwaredomainlist.com/mdl.php (warning: not a site for people w/o experience with viruses).
DBD (Drive-by Download).
!!Blocked by Comodo Secure DNS!!
Ideas?
AVG gives malware in the last 7 days: http://www.avgthreatlabs.com/website-safety-reports/domain/invoice-appmy.org/
URLQuery: http://urlquery.net/report.php?id=7725141 (Nice screenshot of the site)
Zulu: 100% malicious http://zulu.zscaler.com/submission/show/1b404dc7e350fd4c6fb12ee85c049d4a-1383909015
Clean for Sucuri, Quttera and Google Safebrowsing.
File is an Office 1997-2003 document.
File is reported to Avast.
Screenshot of the open file is attached.
Pondus
polonus
Hi Pondus,
Those who ignored this threat can still install the MS-Fixit for the exploit, http://go.microsoft.com/?linkid=9840894 (the download link to MicrosoftFixit51004.msi), and be protected,
polonus