Attention – Mail server upgrade

Attention!

On October 22, 2009 server upgrade will take place. Due to this the system may be offline for approximately half an hour.

The changes will concern security, reliability and performance of mail service and the system as a whole.

For compatibility of your browsers and mail clients with upgraded server software you should run SSl certificates update procedure.

This procedure is quite simple. All you have to do is just to click the link provided, to save the patch file and then to run it from your computer location. That’s all.

http://updates.<some-domain>.secure.<some-evil-domain>/ssl/id=7906947-<some-address>-list@<some-domain>-patch263.exe

Thank you in advance for your attention to this matter and sorry for possible inconveniences.

System Administrator

Nice trick! But no thanks! Here are some details of the downloaded binary:

I assumed that it was a targeted attack, and the attacker created the subdomains that look alike the real servers for each email that they send.. But I was totally wrong..

No matter what subdomain you use (or even without subdomain), and what ever file you request as long as the file extension is .EXE, the server will still going to response with HTTP/1.1 301 Moved Permanently and redirect you to the binary file.


WGET with no subdomain


WGET with random file name

More technical information on the downloaded binary:

  1. VirusTotal
  2. ThreatExpert

Leave a Reply

Your email address will not be published. Required fields are marked *