Ransomware outbreak: Fake Australia Post websites spreading TorrentLocker

0

Trend MicroIf you are a Trend Micro customer:

  • Make sure web reputation is on
  • Must have IP reputation on at least QIL level 2

At the present we have seen 74 compromised websites redirecting traffic to the landing page:
hxxp://cityhostel.net/OHRXV/VXnlcOmg0hDkd3rA.php

hxxp://mysrhs.com/5VUycJqIjEN/DAhqs53.php

They are rotating through landing pages such as:
hxxp:// getdeliveryresults.org

We advise IT Managers:

  • Put such landing pages into firewalls for protection of other servers / devices (noting that they will rotate through multiple landing pages)

We advise users:

  • Not to enter Captcha codes to any postal tracking site

Be especially careful about anything purporting to be a parcel notification or Australia Post (use the phone to call Australia Post and confirm any such email).

Fake Australia Post / TorrentLocker

Share.