Would you like an iframe, sir?
Yesterday, when I was about to get something to eat, my attempt to check a menu online ended with a warning about HTML:Iframe-LZ. Well, that's quite a spicy addition to the usual daily offer. So, let's look at what's under the hood.
Main course: you can choose either a speciality of Chinese cuisine delivered by hxxp://b.nt002.cn/E/J.JS (fortunately it's already down) or a Russian shashlik that contains some popular ingredients (such as google, classmates or linkhelper) in the following order: hxxp://clicksor-com.eastmoney.com.mobile-de.homesaleplus.ru:8080/ocn.ne.jp/ocn.ne.jp/classmates.com/linkhelper.cn/google.com/ (also down already, but these two links belong to a Gumblar system).
Dessert: a nice little snippet that carries out the execution of all the malcode.
Anyone else hungry out there? :-)
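The second link above has a recognisable shape: port 8080, a path built from domain names, and well-known names stuffed into the hostname. The following Python is an added example, not code from the original post or from Avast's detection; it scans a page's iframe and script sources for that shape. The heuristics, the threshold, the TLD list and the sample page are assumptions, and the first link (b.nt002.cn) does not match them.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urlsplit

DOMAIN_LIKE = re.compile(r"^(?:[a-z0-9-]+\.)+[a-z]{2,}$", re.I)  # e.g. google.com
TLDS = {"com", "net", "org", "de", "cn", "jp", "ru"}  # assumed short list

class SrcCollector(HTMLParser):
    """Collect the src attribute of every <iframe> and <script> tag."""
    def __init__(self):
        super().__init__()
        self.sources = []

    def handle_starttag(self, tag, attrs):
        src = dict(attrs).get("src")
        if tag in ("iframe", "script") and src:
            self.sources.append(src)

def score_url(url):
    """Return the heuristic reasons a URL resembles the chained-domain link."""
    parts = urlsplit(re.sub(r"^hxxp", "http", url, flags=re.I))  # refang to parse only
    reasons = []
    if parts.port == 8080:
        reasons.append("port-8080")
    segments = [s for s in parts.path.split("/") if s]
    if len(segments) >= 3 and all(DOMAIN_LIKE.match(s) for s in segments):
        reasons.append("path-of-domain-names")
    # Labels such as "clicksor-com" or "com" in front of the real registered domain
    labels = (parts.hostname or "").split(".")[:-2]
    if sum(1 for l in labels if l.rsplit("-", 1)[-1] in TLDS) >= 2:
        reasons.append("brand-stuffed-hostname")
    return reasons

def suspicious_sources(html, threshold=2):
    """Map each iframe/script src with at least `threshold` reasons to them."""
    collector = SrcCollector()
    collector.feed(html)
    scored = {src: score_url(src) for src in collector.sources}
    return {src: r for src, r in scored.items() if len(r) >= threshold}

# Constructed sample page; only the two defanged URLs come from the post.
SAMPLE = """<html><body><h1>Daily menu</h1>
<script src="/static/menu.js"></script>
<script src="hxxp://b.nt002.cn/E/J.JS"></script>
<iframe src="hxxp://clicksor-com.eastmoney.com.mobile-de.homesaleplus.ru:8080/ocn.ne.jp/ocn.ne.jp/classmates.com/linkhelper.cn/google.com/" width="1" height="1"></iframe>
</body></html>"""

if __name__ == "__main__":
    for src, reasons in suspicious_sources(SAMPLE).items():
        print(reasons, src)
```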