Ransomware outbreak: TorrentLocker being spread on Fake Australia Post Websites

If you are a Trend Micro customer:

• Make sure web reputation is on
• Must have IP reputation on at least QIL level 2

At the present we have seen 10 compromised websites redirecting traffic to the TorrentLocker landing page:

hxxp://bellandbelldoor.com/0UBFTY/ICGytehFRsj.php

…

hxxp://ulive4ever.com/clinOXV/nHwXYxm7fdNs2Su.php

They are using landing pages such as:

hxxp://packagestrackauspost.org

hxxp://auspostparcelschecking.net

We advise IT Managers:

• Put such landing pages into firewalls for protection of other servers / devices
• (noting that they will rotate through multiple landing pages). 

We advise users:

• Not to accept downloads from postal sites.