Apr 14 2008

Japanese Companies Targeted

Published by at 8:21 am under Chinese Malware

This morning Symantec reported that Japanese companies are being targeted with a phishing/spam campaign using spoofed emails that appear to be from the Japanese government. The emails contain two attachments, one of which is an executable backdoor/keylogger. There are two variants: one receives C&C from cyhk.3322.org and the other from hi222.3322.org. The 3322.org domain is used for dynamic DNS (DNS bouncer) and was also used in the recently reported attack on a US Defense Contractor, as well as some others.

Update (April 16) from Takeda Humi Kei’s Japanese security blog about the attacks.
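A way to check DNS query logs for the two C&C hosts named above, and for any other lookup under the 3322.org dynamic DNS zone, is sketched below. This is an added example, not code from the original post or from Symantec; the log line format, client addresses and the extra hostnames in the sample are constructed for illustration.

```python
import re

# C&C hostnames named in the post; the parent zone is a dynamic DNS provider.
KNOWN_C2 = {"cyhk.3322.org", "hi222.3322.org"}
DYNDNS_ZONE = "3322.org"

# Assumed (constructed) log format: "<timestamp> <client-ip> query: <name> IN <type>"
LINE_RE = re.compile(r"^(\S+)\s+(\S+)\s+query:\s+(\S+)\s+IN\s+(\S+)$")

def normalize(name):
    """Lower-case the query name and drop the trailing root dot."""
    return name.rstrip(".").lower()

def classify(qname):
    """Return 'known-c2', 'dyndns-zone', or None for an unrelated name."""
    name = normalize(qname)
    if name in KNOWN_C2:
        return "known-c2"
    # Match on a label boundary so look-alike suffixes are not flagged.
    if name == DYNDNS_ZONE or name.endswith("." + DYNDNS_ZONE):
        return "dyndns-zone"
    return None

def scan(lines):
    """Return (timestamp, client, name, verdict) for every flagged query."""
    hits = []
    for line in lines:
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # skip lines that are not query records
        ts, client, qname, _qtype = m.groups()
        verdict = classify(qname)
        if verdict:
            hits.append((ts, client, normalize(qname), verdict))
    return hits

# Constructed sample log lines (not real traffic).
SAMPLE_LOG = """\
2008-04-14T08:01:12Z 10.0.4.17 query: www.example.com IN A
2008-04-14T08:01:15Z 10.0.4.17 query: CYHK.3322.org. IN A
2008-04-14T08:02:40Z 10.0.7.33 query: hi222.3322.org IN A
2008-04-14T08:03:02Z 10.0.7.33 query: other-host.3322.org IN A
2008-04-14T08:03:09Z 10.0.9.2 query: not3322.org IN A
2008-04-14T08:03:30Z 10.0.9.2 query: 3322.org.example.net IN A
""".splitlines()

if __name__ == "__main__":
    for ts, client, name, verdict in scan(SAMPLE_LOG):
        print(f"{ts} {client} {name} [{verdict}]")
```

A "dyndns-zone" hit is a lead for review rather than proof of infection, since the zone hosts unrelated names as well.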
