Our Blog

Ransomware outbreak: TorrentLocker being spread on Fake Australia Post Websites

 

Ransomware outbreak: TorrentLocker being spread on Fake Australia Post Websites

If you are a Trend Micro customer:

  • Make sure web reputation is on
  • Must have IP reputation on at least QIL level 2

At the present we have seen 10 compromised websites redirecting traffic to the TorrentLocker landing page:

hxxp://bellandbelldoor.com/0UBFTY/ICGytehFRsj.php

hxxp://ulive4ever.com/clinOXV/nHwXYxm7fdNs2Su.php

 

They are using landing pages such as:

hxxp://packagestrackauspost.org

hxxp://auspostparcelschecking.net

 

We advise IT Managers:

  • Put such landing pages into firewalls for protection of other servers / devices
  • (noting that they will rotate through multiple landing pages). 

 

We advise users:

  • Not to accept downloads from postal sites.