Tuesday, February 28, 2012

Malware spam: “Have you seen how much money has Cameron spent on his new movie?”

Here’s a terse spam, leading to a malicious payload on cpredret.ru/main.php From: AlfredoMejiaGXInOZ@aol.com Date: 13 December 2011 04:20 Subject: I’m shocked! Have you seen how much money has Cameron spent on his new movie? What a graphics, go to the trailer! Apparently, it refers to James Cameron and not David Cameron. Payload site is [...]

BBB Spam / wonderfulyard.com

The BBB spam is doing the rounds yet again, this time leading to a malicious payload at wonderfulyard.com/main.php?page=111d937ec38dd17e hosted on 81.17.140.161 (Velton.telecom, Ukraine). Blocking access to that IP address is almost certainly a good idea. I can’t vouch for the /24 that it is in, but you’ll want to block that too to be [...]

Google-funded study finds Firefox least secure browser, Chrome the best

A new study has tossed the major browsers into the security mosh pit and decreed that Google’s Chrome comes in first, Microsoft’s Internet Explorer pulls in at a close second, and Mozilla Firefox is bleeding a bit like a stuck pig. The study, released Friday by Accuvant Labs, found that Firefox has four “unimplemented or [...]

NACHA Spam / downloaddatafast.serveftp.com

More fake NACHA spam, this time leading to a malicious payload site on downloaddatafast.serveftp.com/main.php?page=977334ca118fcb8c on 173.230.137.34 (Linode, US). Date: Tue, 13 Dec 2011 14:15:51 +0100 From: “LinkedIn” [linkedin@em.linkedin.com] Subject: ACH transaction not accepted The ACH transfer (ID: 82065701523728), recently initiated from your checking account (by you or any other person), was rejected [...]

Microsoft offers free Windows phones to Android malware victims

Want a free Windows Phone? Well, it turns out that you may be able to get one for free – all you have to do is tell Microsoft about the malware problems you’ve had with Android smartphones. Yes, that’s right. Microsoft’s latest social media marketing initiative is not to concentrate on the advantages of a [...]

You can download your Windows Vista License here / csredret.ru

A Windows Vista licence? No.. it’s malware from csredret.ru. From: sales1@victimdomain.com [mailto:sales1@victimdomain.com] Sent: 13 December 2011 05:14 Subject: Fwd: Order K93883696 Good morning, you can download your Windows Vista License here - Microsoft Corporation The malicious payload is on csredret.ru/main.php hosted on 79.137.237.67 (Digital Network JSC, Russia aka DINETHOSTING). For about the billionth time in [...]

Free Costco Gift Card for all Facebook users? Scam spreads quickly

Scams are sadly a fact of life if you’re a Facebook user, and scammers are always dreaming up new lures designed to trick users into clicking and sharing their revenue-making links. One of the schemes we frequently see being used on Facebook is the “free gift card/voucher” scam, where users are tricked into believing that [...]

Patch for the zero-day vulnerability used by Duqu

It’s Patch Tuesday, and Microsoft has just issued a patch for the zero-day vulnerability that was used by the Duqu malware found in October. To quote the bulletin: What does the update do? The update addresses the vulnerability by modifying the way that a Windows kernel mode driver handles TrueType font files. When this security bulletin [...]

Spam: “I found your pictures on my camera yesterday, remember me?” / csredret.ru

Another spam run leading to a malicious payload on csredret.ru (as here) Date: Tue, 13 Dec 2011 10:19:58 +0200 From: “Tomi Mcrae” Subject: Hi! This is Tomi Finally I found your e-mail, I’m not sure whether you remember me, we’ve got terribly drunk, I found your pictures on my camera yesterday, remember [...]

How young is too young for Facebook and Gmail?

Should there be a minimum age before you can use social networks or have a web email account? Under Google and Facebook’s terms of service, you need to be at least 13 years old. However, many even younger girls and boys are probably making use of the systems – with or without the knowledge of their [...]

MSRT December: Win32/Helompy

The December 2011 edition of the MSRT includes detection and clean-up for the Win32/Helompy family. Helompy is a worm that propagates by copying itself to the root of removable drives, and its main payload is to record account credentials and login information and send them to a remote server, where the attacker can retrieve them [...]

NACHA Spam / badthen.com

More NACHA spam, this time leading to a malicious payload on badthen.com. Stupidly (again) the NACHA email appears to come from linkedin.com. Date: Wed, 14 Dec 2011 05:36:48 +0900 From: “LinkedIn” [linkedin@em.linkedin.com] Subject: ACH transfer suspended The ACH transaction (ID: 137297301664), recently initiated from your bank account (by you or any other [...]

“PAYROLL LOGS” Spam

This spam is obviously trying to do something evil, but I’m not really sure what. Date: Tue, 13 Dec 2011 15:23:00 -0600 From: “Helen Oconnell” [terminationsm@migtel.ru] Subject: 11122011 PAYROLL INDICES http://jazzon.nl/YK4VUSWQ.html Please access the URL below to reveal PAYROLL LOGS. It was submitted to you using a Xerox WorkCentre Pro ================ Confidential [...]

Malware shuts down hospital near Atlanta, Georgia

A hospital near Atlanta, Georgia was shut down to all but extreme trauma cases due to a malware outbreak on their network last week. On Wednesday Gwinnett Medical Center in Lawrenceville went on “total diversion” status after malware began spreading so quickly on their network that they were unable to effectively rely on it. WSBT in [...]

Windows Phone 7.5 susceptible to SMS hack

Phones running Microsoft’s newly released Windows Phone 7.5 mobile operating system are vulnerable to having their text messaging service’s knees kicked out in a denial of service attack. The flaw is easy as pie to exploit: an attacker simply sends an SMS to a Windows Phone user. According to WinRumors’s tests, Windows Phone 7.5 devices [...]

Telstra Bigpond users targeted in post-data-breach phishing campaign

A phishing campaign targeting customers of Telstra Bigpond, Australia’s largest ISP, is urging users to confirm their billing information or risk the suspension of their account. From: Telstra Billing To: duchess@ceinternet.com.au Subject: ADSL Service Cancellation Notice. Dear BigPond User, Telstra BigPond is sending you this e-mail to inform you that our service to [...]

Microsoft Releases 13 Bulletins to Close 2011

Microsoft released 13 bulletins today instead of 14, as announced in the Patch Tuesday advance notification a few days ago. In their final Patch Tuesday for the year, Microsoft addressed bugs in Windows, Internet Explorer, and Microsoft Office, while adding in a fix for Duqu in the bulletin MS11-087, which is also known as the Duqu [...]

Beware of scam: RBI offering unclaimed cash by way of lottery.

The scam email is pretending to be from the Reserve Bank of India (RBI) office; the email is more carefully crafted and uses a more professional style of wording. Scammers are offering unclaimed cash from none other than the Reserve Bank of India (RBI). This time they want you to believe that it is the RBI, [...]

NACHA Spam / financeportal.sytes.net

More NACHA spam this morning, this time the payload is at financeportal.sytes.net/main.php?page=111d937ec38dd17e on 174.140.165.90. Blocking the IP address rather than the domain is probably best as there may well be other malicious sites on that server. 174.140.165.90 is on Directspace LLC in Oregon who seem to have a serious problem with malware at the moment, I [...]

Spam: “Cuban car sale rise after law change” / csredret.ru

A weird spam, leading to a malicious payload on csredret.ru Date: Wed, 14 Dec 2011 03:50:19 +0900 Subject: Fwd: VIDEO: Cuban car sale rise after law change Hi, look in. VIDEO: Cuban car sale rise after law change csredret.ru is hosted on 79.137.237.67 at Digital Network JSC in Russia (aka DINETHOSTING). Blocking access [...]

Patch Tuesday December 2011

Microsoft finishes out this year of patching with a heavy release that’s all over the place. While techs were notified of an anticipated 14 bulletins, 13 were released for the month of December. Headline-grabbing events and code are addressed in one of them, and while fewer are labelled “Critical”, are they any less important? Many [...]

KISS’s Gene Simmons website DDoS attack: Suspected Anonymous hacker charged

When the website of rock star Gene Simmons fell victim to a denial-of-service attack for five days in October 2010, the legendary KISS frontman vowed revenge. Yesterday, a 24-year-old man suspected of being linked to the Anonymous hacktivist group was arrested by the FBI in connection with the attack. Kevin George Poe, of Manchester, [...]

Hacker who bypassed Facebook security pleads guilty

A British student has pleaded guilty to charges that he breached security at Facebook earlier this year, despite arguing that his intentions were not malicious. York student Glenn Steven Mangham, 26, attempted to bypass security on the company’s internal systems, raising alarm amongst the FBI that industrial espionage was occurring, according to media reports. Mangham, [...]

Typosquatting – investigation reveals the real risks when you mistype a website’s name [VIDEO]

Admit it. You’ve made mistakes when typing in the name of a website. Your fingers fumble over each other, and before you realise it you’re not on google.com but goole.com instead. It’s an easy mistake to make and – inevitably – there are people waiting to take advantage of it. Security expert Paul Ducklin has taken [...]
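The goole.com example is one of a small, enumerable set of single-keystroke slips, which is exactly why typosquatters can register them ahead of time and why a brand owner can enumerate the same set to register or watch. The generator below is an added example for this page, not code from the investigation described; the QWERTY adjacency table is an assumption (a different layout gives different neighbours), and it covers the four slip classes a practitioner usually starts with: dropped character, doubled character, swapped neighbours, and an adjacent key.

```python
# Keys adjacent on a QWERTY keyboard, used for "fat finger" substitutions (assumed layout).
QWERTY_NEIGHBOURS = {
    "q": "wa", "w": "qes", "e": "wrd", "r": "etf", "t": "ryg", "y": "tuh", "u": "yij",
    "i": "uok", "o": "ipl", "p": "o", "a": "qws", "s": "awed", "d": "serf", "f": "drtg",
    "g": "ftyh", "h": "gyuj", "j": "huik", "k": "jiol", "l": "kop", "z": "asx",
    "x": "zsdc", "c": "xdfv", "v": "cfgb", "b": "vghn", "n": "bhjm", "m": "njk",
}


def typo_variants(label):
    """Return the set of single-keystroke typos of a bare label such as 'google'."""
    variants = set()
    n = len(label)
    for i in range(n):
        # Omission: 'google' -> 'goole'
        variants.add(label[:i] + label[i + 1:])
        # Doubled key: 'google' -> 'gooogle'
        variants.add(label[:i] + label[i] + label[i:])
        # Transposition of neighbouring characters: 'google' -> 'gogole'
        if i < n - 1:
            variants.add(label[:i] + label[i + 1] + label[i] + label[i + 2:])
        # Adjacent-key substitution: 'google' -> 'foogle'
        for key in QWERTY_NEIGHBOURS.get(label[i], ""):
            variants.add(label[:i] + key + label[i + 1:])
    variants.discard(label)   # the correct spelling is not a typo
    variants.discard("")      # a one-letter label's omission leaves nothing
    return variants


def typo_domains(domain):
    """Apply typo_variants to the first label of a domain, keeping the rest intact."""
    label, dot, rest = domain.lower().partition(".")
    return sorted(v + dot + rest for v in typo_variants(label))


def is_typo_of(candidate, domain):
    """True if candidate is one keystroke away from domain (e.g. a squat to investigate)."""
    return candidate.lower() in typo_domains(domain)


if __name__ == "__main__":
    squats = typo_domains("google.com")
    print(len(squats), "candidates, e.g.", squats[:8])
    print("goole.com:", is_typo_of("goole.com", "google.com"))
```

Feeding the output to a WHOIS or passive DNS lookup shows which candidates are already registered, and by whom; the list grows quickly with label length, so it is usually filtered to the slips a real keyboard makes most often before any monitoring is set up.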

SMS fraud is not unique to Android

Google is yanking several apps from the Android Market after finding that they are fraudulent. Although such apps are more likely to be found on Android than on rival platforms, the idea of fraud is an equal opportunity threat that extends far beyond Android mobile devices. First, a little background on the action [...]

Adobe zero-day vulnerability installs backdoor – another targeted attack?

When I read this blog entry a few days ago, the first question that entered my head was, “Is this another targeted attack?”. I took a look at the .PDF discussed in the entry and it appeared to be a document addressed to employees of a certain defense contractor. Trend Micro products detect this malicious [...]

FTC to refund rogue security software victims

The United States Federal Trade Commission announced that it will begin issuing refunds to 300,000 consumers that were victims of many rogue security software scams such as “Winfixer”, “Drive Cleaner” and “XP Antivirus”. The following is a list of Microsoft antimalware product detection names that are linked to the Winfixer family: Program:Win32/AdvancedCleaner Program:Win32/Antivirus2008 Program:Win32/Antivirus2009 Program:Win32/SpywareIsolator Program:Win32/WinFixer [...]

Inside Adobe Reader zero-day exploit CVE-2011-2462

Recently a severe vulnerability has been discovered in Adobe Reader X and Adobe Acrobat X versions 10.1.1 and earlier for Windows and Mac OS, and Reader 9.4.6 and earlier 9.x versions for Unix. This zero-day vulnerability (CVE-2011-2462) could allow an attacker to execute arbitrary code and silently take control of a victim’s machine. This flaw [...]

How to stay safe when traveling for the holidays

Heading home for the holidays? Brave soul! Between soaring free-ticket airline ticket scams and gadgets’ propensity to flop out of pockets or get snatched by the nimble-fingered, it’s a security jungle out there. According to a new report from the Airlines Reporting Corp., there have been 82 incidents of unauthorized airline ticket issuance between August [...]

Tuesday, February 21, 2012

Google and EFF propose improvements to HTTPS as GlobalSign releases CA breach report

Certificate authority GlobalSign, who was implicated as having suffered a security breach by the infamous “ComodoHacker”, have released their final report on the incident. **APPLAUSE** Not only is the report thorough and convincing, but it appears that GlobalSign took every action, precisely as they should have, both during and after the incident. The report’s conclusion? [...]

Carrier IQ: Requires additional review

Carrier IQ, Inc. has received more public attention in the past 60 days than it has in the previous five years that the company has existed. The software, Carrier IQ (CIQ), is analytics software designed to improve the end user experience by providing information such as dropped calls, service coverage and software crashes to wireless [...]

A new method of spreading poisonous links through Facebook

This time, the bad guys still use a script that is not new, which spreads poisonous links through the social networking site Facebook to trick users into visiting phishing and malicious websites. The new trick of this campaign is a fake YouTube plugin for the Firefox and Chrome browsers. This shows the hackers’ investment, close follow-up and continuous changes. Hackers convince users [...]

FDIC spam / sownload.zapto.org and 63.223.78.19

The spam tsunami continues today with a set of new malware URLs to block. This one allegedly comes from the FDIC in the US. Date: Fri, 16 Dec 2011 04:12:15 +0400 From: “Freeman Ballard” [Freeman.Ballard@campioni.info] Subject: URGENT! Security system updates Dear Sirs, in order to prevent new instances of wire fraud, we [...]

Fake Facebook spam / caredret.ru

More toxic spam. Date: Thu, 15 Dec 2011 11:52:56 +0700 From: Facebook [notification+VGNDUO7NQM4R@facebookmail.com] Subject: LUCY Snow wants to be friends on Facebook. facebook LUCY Snow wants to be friends with you on Facebook. LUCY Snow Confirm Friend Request See All Requests This message was sent to victim@victimdomain.com. If you don’t [...]

Checking the Legitimacy of Android Apps

The Android Market was once again infiltrated by malware, as a handful of premium service abusers (which we detect as ANDROIDOS_RUFRAUD.A) posing as legitimate apps were uploaded to the site. Some users were able to install the malicious apps before Google took them down – a quick reaction due to the fast responses from vigilant [...]

NACHA Spam / evrymonthnighttry.com and glasseseverydaynow.com

More NACHA themed spam this morning that redirects victims via a hacked legitimate site to a malware laden page, this time hosted on evrymonthnighttry.com or glasseseverydaynow.com. These sites are hosted on 46.183.217.119 (Dataclub, Latvia). I can’t see anything at all of value in 46.183.216.0/21 so blocking access to all of that range may be prudent. [...]

2012 Security Trends

2011 is coming to an end, so now it’s time to try to see what we have to expect for the next 12 months: Social networks: Social engineering approaches exploiting users’ weaknesses have become the leading attack method in social networks. Trending topics such as the Olympics or the next US Presidential elections will probably be [...]

Beware Nanny / Au Pair scams spread through spam email

It’s time to hang up my spurs as a Naked Security writer, as I have been offered an exciting new career as a nanny! I must admit it took me by surprise when the email offering me the position arrived in my inbox, but when I read the details of the job they were offering [...]

AVG Web threat weekly update – Week 50

1. “YouTube Premium plugin” scams spreading on Facebook On the Facebook/YouTube scam front this week we came across phony posts that led to the usual survey sites, but also a new and potentially malicious YouTube Premium plugin (for Firefox/Chrome). The video offered is of an uncommonly well endowed Italian model and TV hostess, Marika Fruscio, [...]

Controversial SOPA bill gets more heat from Internet giants YouTube, Google and Wikipedia

Today is the day that the United States Stop Online Piracy Act (SOPA) is scheduled to be voted on. Lamar Smith, a Texas Republican, drafted the bill to address the film and music industry’s increasing concerns around online piracy. SOPA would effectively allow both the US government and copyright holders to seek court orders against [...]

Ellen DeGeneres fans targeted in bizarre Facebook scam

Facebook fans of American talk show host Ellen DeGeneres have been targeted by a scammer posing as her manager. According to the Hollywood Reporter, producers of The Ellen DeGeneres Show have filed a lawsuit against an anonymous individual, who – it is alleged – created fake email accounts as well as a Facebook profile in the name [...]

Android/Foncy emanating and propagating in France

It doesn’t happen that often that mobile malware specifically comes from France and propagates in France. It however seems to be the case this time for an Android malware named Foncy – not that there should be any national pride in producing malware. Foncy was first spotted by Denis Maslennikov. It is a dialer, [...]

Spam campaign uses Blackhole exploit kit to install SpyEye

This post was written in collaboration with my colleague Jean-Ian Boutin. The Wigon botnet (also known as Cutwail) is being used in a large spam campaign. A multitude of ruses are used to get the user to click on a link: fake LinkedIn or Facebook notifications, free Windows licenses, fake deliveries etc. The links are [...]

Facebook gives security and privacy whistleblowers a red card

In a bizarre move by Facebook, a blog which has highlighted security and privacy issues on the social network has found itself banned, preventing the spread of news, opinion and advice. The “Unofficial Guide to Facebook Privacy and Security” blog, which in the past has uncovered security issues such as Facebook’s own help center being [...]

Internet Explorer to upgrade automatically, unless you say no

Microsoft’s Ryan Gavin announced a new program to keep the net safe… keep your Internet Explorer up to date. It is pretty good news for Windows users who don’t appreciate the importance of staying up to date. Microsoft has been struggling with browser stragglers for years. They even ran their own campaign comparing IE 6 to [...]

A dozen predictions for 2012

Although I share the reluctance of my colleagues to predict the future, I believe there are several trends that might be classified as “reasonably likely to occur” in 2012. I make no promises, but here’s what I believe we will see, in no particular order of importance or certainty. We will see increased interest in [...]

Researchers: Google gamed browser report that dissed Firefox

Security researchers at NSS Labs have charged Google with gaming the methodology and timing of a recent, Google-funded analysis of browser security – one that placed Mozilla Firefox lowest on the totem pole when compared with security in Google Chrome and Microsoft Internet Explorer. NSS on Tuesday released a report on the browser evaluation, which [...]

Prevalent exploit kits updated with a new Java exploit

Until recently, most of the vulnerabilities exploited by popular exploit kits were found last year or even earlier. Moreover, it would take authors at least a month to update their kits with the new exploits that had been found in the wild. However, in the past few weeks, authors released an updated version of their [...]

New Facebook spam video: “Yeah! It happens on live television”

A new spam is spreading on Facebook that is similar to the earlier Marika Fruscio scam. The new spam is using the same image for the video which was used earlier. The re-appearance of such a scam means that the scammers are using the same old trick but with a link to a new web page. [...]

Unintended consequences: How SOPA could threaten Internet security

On Thursday, the U.S. House of Representatives discussed the Stop Online Piracy Act (SOPA), a proposal that would give the U.S. Government new tools to fight the online sale of infringing or counterfeit goods. Trend Micro is aware of the ongoing legal and policy complexities involved in balancing protection of intellectual property rights with censorship concerns, [...]

New zero-day vulnerabilities discovered in Flash Player

What has been found? Two new vulnerabilities in Adobe’s ubiquitous Flash Player have been found and allegedly can be used for remote arbitrary code execution. Essentially these vulnerabilities could allow someone to remotely seize control of a PC without the consent of the owner. Who found these exploits? The exploits were found by a Russian vulnerability research [...]

‘We could hack the Queen’s medical records if we wanted’

It’s a story which has the potential to make the scandal over the hacking of celebrities’ mobile phone voicemails seem like small potatoes. BBC Radio 4 has broadcast a documentary claiming that computer hackers were used by the British press to spy on politicians as well as the military. According to the programme, the illicit mining of [...]

Facebook credit score?

We recently noted that the data broker industry, in conjunction with social media outlets, will become increasingly relied upon as a type of shadow credit score for judging candidates’ qualifications. Now we see a startup that uses your Facebook profile directly to determine a “credit score” used for microloans. We hear horror stories of lost [...]

NACHA Spam / ragsnip.com

Yet another round of fake NACHA spam leading to malware is doing the rounds, this time the payload is on ragsnip.com/main.php?page=111d937ec38dd17e hosted on 207.210.96.226 (Global Internet Access LLC, Atlanta). Blocking access to the IP is preferable to the domain as there can be other malicious domains on the same server. An example spam email from [...]
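This post, the financeportal.sytes.net post and the Dataclub post above all make the same operational point: block the IP (or, where nothing legitimate lives there, the whole range) rather than the throwaway domain, because the next lure will be a new name on the same server. The script below is an added example for this page, not code from the blog quoted; the blocklist reuses the IPs and the 46.183.216.0/21 range named in those posts, while the host-to-IP observations and the `*.example` hostnames are constructed to show a domain list and an IP list disagreeing. The Python standard library `ipaddress` module does the containment test.

```python
import ipaddress

# Indicators taken from the NACHA posts on this page (IP and the prefix the
# Dataclub post suggests blocking outright).
IP_BLOCKLIST = [
    "81.17.140.161",      # wonderfulyard.com (Velton.telecom, UA)
    "173.230.137.34",     # downloaddatafast.serveftp.com (Linode, US)
    "174.140.165.90",     # financeportal.sytes.net (Directspace, US)
    "207.210.96.226",     # ragsnip.com (Global Internet Access, US)
    "46.183.216.0/21",    # Dataclub, LV: whole range
]

# Domain-only policy built from the same posts, for comparison.
DOMAIN_BLOCKLIST = {
    "wonderfulyard.com", "downloaddatafast.serveftp.com", "financeportal.sytes.net",
    "ragsnip.com", "evrymonthnighttry.com", "glasseseverydaynow.com",
}

# Constructed host -> IP observations, as a proxy log or passive DNS would supply.
# The *.example names are hypothetical siblings invented for this illustration.
OBSERVED = {
    "ragsnip.com": "207.210.96.226",
    "lure1.example": "207.210.96.226",      # new domain, same server as ragsnip.com
    "evrymonthnighttry.com": "46.183.217.119",
    "lure2.example": "46.183.219.7",        # elsewhere inside 46.183.216.0/21
    "www.example.org": "93.184.216.34",     # unrelated host, should stay reachable
}


def compile_blocklist(entries):
    """Turn a mixed list of addresses and CIDR prefixes into ip_network objects."""
    return [ipaddress.ip_network(e, strict=False) for e in entries]


def blocked_by_ip(ip, networks):
    """True if ip falls inside any blocked address or prefix."""
    addr = ipaddress.ip_address(ip)
    return any(addr in net for net in networks)


def compare_policies(observed, domain_blocklist, ip_blocklist):
    """Map each host to (blocked by domain list, blocked by IP list)."""
    nets = compile_blocklist(ip_blocklist)
    return {
        host: (host.lower() in domain_blocklist, blocked_by_ip(ip, nets))
        for host, ip in observed.items()
    }


def missed_by_domain_policy(observed, domain_blocklist, ip_blocklist):
    """Hosts the IP policy catches that the domain policy lets through."""
    result = compare_policies(observed, domain_blocklist, ip_blocklist)
    return sorted(h for h, (by_dom, by_ip) in result.items() if by_ip and not by_dom)


if __name__ == "__main__":
    for host, (by_dom, by_ip) in compare_policies(OBSERVED, DOMAIN_BLOCKLIST, IP_BLOCKLIST).items():
        print("%-28s domain-block=%-5s ip-block=%s" % (host, by_dom, by_ip))
    print("missed by domain policy:", missed_by_domain_policy(OBSERVED, DOMAIN_BLOCKLIST, IP_BLOCKLIST))
```

The caveat the posts themselves raise still applies: an IP or range block on shared hosting also cuts off any legitimate site on that server, so the check the author does before recommending a /21 (is there anything of value in the range?) is part of the procedure, not an optional extra.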

Visa looks into Eastern European security breach

Visa is investigating a potential security breach that may have compromised payment cards of Eastern Europeans. Although Visa hasn’t disclosed which countries were hit, the Romanian state-owned CEC Bank has blocked and reissued 17,000 cards on suspicion that they had been compromised. CEC Bank said in a statement that “a number” of cards issued by [...]

The Sykipot Campaign

Last week reports surfaced about a “zero-day” exploit for Adobe Reader (CVE-2011-2462) that had been actively used in targeted attacks beginning in November. The malicious PDFs were emailed to targets along with text encouraging the target to open the malicious attachment. If opened, the malware known as BKDR_SYKIPOT.B installs onto the target system. The reported [...]

Zeus Spam Changes Tactics

McAfee Labs Messaging Security recently observed a new malicious spam campaign pushing password-stealing Trojans associated with the Zeus/Zbot family. This campaign leverages many notable social engineering techniques. For admins and netizens familiar with contemporary email-borne threats, a message purporting an undeliverable DHL, FedEx, or USPS package triggers an immediate red flag. Though still prevalent, those [...]

Security Advisory for Adobe Reader and Acrobat!

A critical vulnerability has been found in Adobe Reader X (10.1.1) and earlier versions for Windows and Macintosh, Adobe Reader 9.4.6 and earlier 9.x versions for UNIX, and Adobe Acrobat X (10.1.1) and earlier versions for Windows and Macintosh. This vulnerability (CVE-2011-2462) could cause a crash and potentially allow an attacker to take control of [...]

Lady Gaga’s Facebook page hit by iPad scam

A scam claiming to offer free iPads has appeared on the Facebook page of pop phenomenon Lady Gaga. With over 45 million fans on Facebook, the scammers must have been rubbing their hands in glee – imagining just how many people might click on the link without thinking. Lady Gaga's new iPad comes out in [...]

Sunday, February 19, 2012

Disorderly conduct: localized malware impersonates the police

We have recently seen the emergence of numerous samples of a ransomware family localized into different languages. Malware that relies on localized social engineering tactics has been around for a few years, as we discussed in our two-part series on Program:Win32/Pameseg, and as evident in the surge of password stealers targeting Brazilian online banking websites. [...]

Scam: “Careerquickly Staffing” / careermanagement.com.ua

This is another take on the RockSmith Management scam, linked to these dodgy work-at-home sites, apparently with an Australian connection. Date: Mon, 26 Sep 2011 05:48:19 +0530 From: “Terence Mooney” [terence.mooney@voicecom.co.za] Subject: Reminder: Employment opportunity Followup Hello Thank you for submitting your information for potential employment opportunities. We look forward to reviewing your [...]

FDIC spam / splatstack.net

More FDIC spam leading to malware, this time at splatstack.net. Date: Mon, 19 Dec 2011 05:32:49 -0600 From: “Greta Bullock” Subject: Blockage of your transactions Attn: Financial Department By this message we would like to inform you about the latest amendments in the Federal Deposit Insurance Corporation coverage rules. During the period [...]

DHL malware spam / secure.dhldispatches.com

This DHL themed spam leads to malware: From: DHL Express Sent: 19 December 2011 10:03 Subject: DHL Express Dispatch Confirmation Order number: 9672834463 Your order has now been dispatched and your DHL Express air waybill number is 9672834463. To follow the progress of your shipment and print invoice for your records, please visit: [...]

Rumors of Facebook Timeline Troubles

Facebook has started rolling out its new Timeline profile and over the weekend, here in Finland, there were a few reports that private messages are being posted to users’ profiles. We have seen no solid evidence of this. And because Facebook’s Finnish translation is far from perfect, the whole thing could just be a misunderstanding. [...]

Hacked WordPress pages reveal potential time bomb – injected code is “hidden” and can strike at attacker’s will

The injected code in this case is
