The call is for all Anons worldwide. Meanwhile, Anonymous Italia has hit over 100 Russian banks and revealed who the leaders of the pro-Putin group are.
Technical Analysis by the Malware Hunter JAMESWT
False BRT shipment carries Ursnif / Gozi to Italy. The email xls contacts a single link and downloads the dll, starting the malware infection chain. But only from Italian IPs and not on the blacklist
A fake BRT shipment is still the lure for an Ursnif / Gozi campaign in Italy.
Once opened, the email xls attachment contacts a single link and downloads the dll, starting the malware infection chain.
This, however, only occurs if the potential victim uses Internet Explorer. Moreover, the attack is explicitly directed against Italy. The DLL, in fact, is downloaded only if only if two conditions are met:
- The IP must be Italian;
- The IP must not be blacklisted.
Ursnif / Gozi is a banking Trojan used by cybercrime to intercept network traffic, steal credentials and download other malware.