The Dark Visitor

Apr 14 2008

Japanese Companies Targeted

Published by jumper at 8:21 am under Chinese Malware

This morning Symantec reported that Japanese companies are being targeted with a phishing/spam campaign using spoofed emails that appear to be from the Japanese government. The emails contain two attachments, one of which is an executable backdoor/keylogger. There are two variants, one recieves C&C from cyhk.3322.org and the other from hi222.3322.org. The 3322.org domain is used for dynamic DNS (DNS bouncer) and was also used in the recently reported attack on a US Defense Contractor and also some others.

Update (April 16) from Takeda Humi Kei’s Japanese security blog about the attacks.

Comments Off

Comments are closed at this time.

Purchase the book
Feeds

Subscribe to RSS

Podcast RSS
Recent Posts
Recent Comments
- BeatUpPride on F-U Tencent!
- CBRP1R8 on F-U Tencent!
- alex on PRC based members of carders.cc
- gao yulong on PRC based members of carders.cc
- alex on PRC based members of carders.cc

Japanese Companies Targeted

Purchase the book

Feeds

Recent Posts

Recent Comments

Categories

Blogroll