New Cryptolocker Attack!

Dear Sir/Madam,
In the last 48 hours, a new hazardous Cryptolocker has started to attack Turkish users through a phishing wave. I hereby present the related fake URL addresses, IP blocks and screenshots. Related fatal is added to the Comodo forum and our automatic analysis system.

Please see below the fake URL addresses detected in the attacks:

Domain Info:
Domain Name: TURKCELL1.COM
Registrar: REGISTRAR OF DOMAIN NAMES REG.RU LLC
Sponsoring Registrar IANA ID: 1606
Whois Server: whois.reg.ru
Referral URL: http://www.reg.ru
Name Server: NS1.REG.RU
Name Server: NS2.REG.RU
Updated Date: 25-jun-2015
Creation Date: 25-jun-2015
Expiration Date: 25-jun-2016

Domain Name: turkcell-odeme.com
Domain idn name: turkcell-odeme.com
Status: clientTransferProhibited
Registry Domain ID:
Registrar WHOIS Server: whois.reg.ru
Registrar URL: https://www.reg.com/
Registrar URL: https://www.reg.ru/
Registrar URL: https://www.reg.ua/
Updated Date: 2015-06-29
Creation Date: 2015-06-29T14:29:47Z
Registrar Registration Expiration Date: 2016-06-29

Best Regards,
Sarpkan TEKALEV
Technical Support Specialist
GeekBuddy Turkey

Thank you for the information SARTEK :-TU

Nice to see that Comodo got an eye on them!
Yesterday, one of my friends got an e-mail that is a fake Turkcell bill Cryptolocker, and all his files were encrypted by Cryptolocker.

Thank you Comodo for protecting me against those threats proactively!

Hi Yigido,

Thanks to you, our GB support team, our users and our containment technology for sure. We need to be proactive and dynamic and we are. :-TU :-TU

Let us know if you have any further details about the issue.

Kind Regards
Buket

You see this is the power of containment.
Cryptolocker works like this:
1) Reads a file
2) Encrypts it
3) Overwrites the original file with the encrypted file
4) Asks for ransom

With Comodo’s Containment technology…
Because any new unknown file goes into Containment, the cryptolocker will:
1) Read a file
2) Encrypt it
3) FAIL… (because in Containment you can’t change the data on hard disk, you can only change the data on a temporary hard disk we give you inside the container ;))
4) Happy Comodo user
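
The write redirection described in the post above, as an added conceptual example (not part of the original thread and not Comodo's implementation): a contained process reads real files, but every write lands in a throwaway shadow directory. The `ContainedView` class, its method names and the sample file are assumptions made for illustration.

```python
import os
import shutil
import tempfile

class ContainedView:
    """Conceptual model of file-write redirection for an untrusted process."""

    def __init__(self, real_root, shadow_root):
        self.real_root = os.path.realpath(real_root)
        self.shadow_root = os.path.realpath(shadow_root)

    def _resolve(self, root, rel_path):
        # Reject paths that escape the root (e.g. "../outside.txt").
        full = os.path.realpath(os.path.join(root, rel_path))
        if os.path.commonpath([root, full]) != root:
            raise PermissionError(f"path escapes container: {rel_path}")
        return full

    def read(self, rel_path):
        # The contained process sees its own modified copy if one exists.
        shadow = self._resolve(self.shadow_root, rel_path)
        source = shadow if os.path.exists(shadow) else self._resolve(self.real_root, rel_path)
        with open(source, "rb") as fh:
            return fh.read()

    def write(self, rel_path, data):
        # Writes never touch real_root; they land in the shadow copy only.
        shadow = self._resolve(self.shadow_root, rel_path)
        os.makedirs(os.path.dirname(shadow), exist_ok=True)
        with open(shadow, "wb") as fh:
            fh.write(data)

    def discard(self):
        # Ending the session throws away everything the process changed.
        shutil.rmtree(self.shadow_root, ignore_errors=True)
        os.makedirs(self.shadow_root, exist_ok=True)

def demo():
    with tempfile.TemporaryDirectory() as real, tempfile.TemporaryDirectory() as shadow:
        with open(os.path.join(real, "invoice.txt"), "wb") as fh:
            fh.write(b"original contents")          # constructed sample file
        view = ContainedView(real, shadow)
        view.write("invoice.txt", b"\x00" * 17)      # untrusted overwrite attempt
        seen_inside = view.read("invoice.txt")
        with open(os.path.join(real, "invoice.txt"), "rb") as fh:
            on_disk = fh.read()
        view.discard()
        return seen_inside, on_disk, view.read("invoice.txt")
```

`demo()` returns what the contained process saw after its overwrite, what is actually on the real disk, and what the view shows once the shadow copy is discarded.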

Nice!! :-TU

Thank you Melih :-TU This is the 100% solution against all kinds of threats :love: :rocks:

Exactly, that is why Comodo is the strongest protection available today.
This is a new innovation in prevention.

I have rated these sites red on WOT.
Nice job Comodo. Right now these sites are mostly unrated, and I’d appreciate it if I got some help rating them from WOT members. Other than that, good job on tracking down these malware domains!