WhatsApp Wëb Trojan??

Say,

What damage does this do? I've posted the hyperlink accompanying the email message. The user was asked for a Gmail password and did enter it.
http://prikolna.netclient.info/img.php?kkny=744701&ki=5&cvyg=b9512d9fa351f5a55b77a82e2ef2543c&ww=2.7.1559&uebgnj=p2ucqKWioaAuoTk5p0OaoJScoP5wo20=
WhatsApp Wëb


Yoü have a new message
Detáils:
Datè: May 29, 2015, 4:21 am 53
Lënght: 43sec

            111


Play


*If you cant opên this, move it to your "Inbox" folder.


shaunwingin Asked:
John Easton, Director, Commented:
I haven't followed the link, but usually where spam asks for your password it confirms two things. Firstly, by following the link they have confirmed their e-mail address is valid. This could result in more spam or junk mail.

However, by entering their Gmail password, the user has likely given access to their Gmail account, assuming the email address that the spam was received on is also associated with the Gmail account.

I would get the user to change their Gmail password asap.

Finally, some sites try to install malware, whether it succeeded or not (if this site was one of them) would depend on your anti-virus, firewall and internet settings.
Kimputer Commented:
Never follow links where you don't know who/what/why/how (I did research it though, just hopping around multiple questionable sites).
Also, never input your Gmail password anywhere other than on official Google websites (check the secure status of the website, the certificate lock icon in your browser).

Now, change the Gmail password.
Next, set up 2-way authentication (usually with codes or the Google Authenticator app).

Just using plain logic though, WhatsApp doesn't use external links for any service (in this case, the user was probably curious about the audio message, but HOW DID WHATSAPP KNOW HIS EMAIL ADDRESS, as it only works with phone numbers). Next up, why would you ever input your passwords on an external website? There's totally no valid reason for that. Educate the user to prevent future mishaps.
btan, Exec Consultant, Commented:
The msg is too instructive: it even tells you to shift it to the inbox, as it deems it will be in the junk or spam box, and to run active media which will download the actual payload trojan; then it is game over as a whole. Recently, fake WhatsApp Web mail has been spreading trojans, e.g. Zeus. See similar variant attempt cases:
If you have received an email from WhatsApp recently, we urge you to not open it and to delete it immediately. The email is a hoax that contains malware.

Within the last few days, an email with the subject line “Missed voice message” has spread with the sender name “WhatsApp Messenger.” The message asks recipients to “please download attached file,” a file named “Missed-message.zip.”
https://blog.avast.com/2014/01/23/whatsapp-bogus-email-tries-to-install-zeus-trojan-on-your-computer/
Also advised:
It is almost impossible to get rid of unwanted messages, however it is safer to access WhatsApp on the web from the official website located at https://web.whatsapp.com. So, users are recommended to refuse imitations and suspicious applications.
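As an added defender-side example (not code from this thread), the following Python check folds the accented lure text ("Wëb", "Yoü", "Detáils") back to plain words so keyword checks see the real brand name, and flags the mismatch between the WhatsApp branding and the host the "Play" link actually points to. The sample email text is constructed from the question above, and web.whatsapp.com / whatsapp.com are assumed to be the only legitimate domains for this brand.

```python
import re
import unicodedata
from urllib.parse import urlparse

# Constructed sample: the lure text from the question plus the link it carried
# (query string shortened; the hostname is what the check cares about).
SAMPLE_EMAIL = """WhatsApp Wëb
Yoü have a new message
Detáils:
Datè: May 29, 2015, 4:21 am
Lënght: 43sec
Play
http://prikolna.netclient.info/img.php?kkny=744701&ki=5
*If you cant opên this, move it to your "Inbox" folder.
"""

# Brand keywords a filter would normally match, and the domains the brand really uses.
# Assumption: only whatsapp.com and its subdomains count as legitimate here.
BRAND_KEYWORDS = ("whatsapp", "new message", "voice message")
LEGIT_DOMAINS = ("whatsapp.com",)

def strip_accents(text):
    """Fold 'Wëb' -> 'Web', 'Detáils' -> 'Details' (NFKD decompose, drop combining marks)."""
    decomposed = unicodedata.normalize("NFKD", text)
    return "".join(ch for ch in decomposed if not unicodedata.combining(ch))

def accented_words(text):
    """Words that change when accents are stripped: the diacritic substitution used to dodge filters."""
    return sorted({w for w in re.findall(r"\w+", text) if strip_accents(w) != w})

def link_hosts(text):
    """Hostnames of every http(s) link in the message body."""
    return [urlparse(u).hostname for u in re.findall(r"https?://\S+", text)]

def is_legit_host(host):
    return bool(host) and any(host == d or host.endswith("." + d) for d in LEGIT_DOMAINS)

def analyse(email_text):
    folded = strip_accents(email_text).lower()
    brand_hits = [k for k in BRAND_KEYWORDS if k in folded]
    evasive = accented_words(email_text)
    hosts = link_hosts(email_text)
    off_brand = [h for h in hosts if not is_legit_host(h)]
    asks_inbox_move = "inbox" in folded and "move" in folded
    reasons = []
    if brand_hits and off_brand:
        reasons.append(f"brand words {brand_hits} but links go to {off_brand}")
    if evasive:
        reasons.append(f"accented keywords (filter evasion): {evasive}")
    if asks_inbox_move:
        reasons.append("asks recipient to move the mail out of the spam folder")
    return {"suspicious": bool(reasons), "reasons": reasons, "hosts": hosts}
```

Run `analyse(SAMPLE_EMAIL)` to see all three indicators fire on the lure; a genuine notice linking to web.whatsapp.com without accented words produces no reasons.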
shaunwingin, Author, Commented:
No one brave enough to click link? Can it harm?
btan, Exec Consultant, Commented:
It is clear that the intent of the email is suspicious in "The user was asked for a Gmail password ...." Gmail will not send an email asking for that, and neither will any email with legit intent do it, in the best interest of user security. The website can be legit, as we need not click the URL ourselves - just leverage online services to check that first. They surface no negative finding.

But it doesn't mean everything is fine, as the credential is lost already since "the user entered it ....". The site can be a "waterhole" site, a collection front for successfully phished login info, used further for other cyber crime ventures (and even espionage cases if the user works in a sensitive and well-regarded organisation)....

Will be good to reset the Gmail login and any other online profile and login account for that user using that same password asap...

PS, strange is that the Main site (including browsing through the sites link) always redirect to "http://prikolna.netclient.info/error.php", same page ...

=====Some online findings=============
From VT results after submitting this URL for scanning - in short "Clean site" (IP - 149.47.132.157)
https://www.virustotal.com/en/url/11a786f192710dab4e1ae44b25d659f6a19da27b066ad400c2920049c8b5d91a/analysis/1433117705/
..and checking on the IP 149.47.132.157 yields what looks like a legit "servers@precipiceinc.com", an insurance brokerage firm:
NetRange:       149.47.128.0 - 149.47.159.255
CIDR:           149.47.128.0/19
NetName:        MULTICOM-149-47-128-0-18
NetHandle:      NET-149-47-128-0-1
Parent:         PSINET-B-47 (NET-149-47-0-0-1)
NetType:        Reallocated
OriginAS:      
Organization:   Precipice (PRECIP)
RegDate:        2010-01-05
Updated:        2013-11-12
Ref:            http://whois.arin.net/rest/net/NET-149-47-128-0-1


OrgName:        Precipice
OrgId:          PRECIP
Address:        11231 U.S. Highway 1
Address:        #171
City:           North Palm Beach
StateProv:      FL
PostalCode:     33408
Country:        US
RegDate:        1992-01-28
Updated:        2013-01-21
Ref:            http://whois.arin.net/rest/org/PRECIP
using http://centralops.net/co/domaindossier.aspx

btan, Exec Consultant, Commented:
If interested, you can even check out the "Have I Been Pwned" snapshot directory to do a check on email accounts which may be lost due to pwned websites: https://haveibeenpwned.com/