Thursday, May 24, 2012

Eat for free at Pizza Hut!? It’s a Facebook scam

Beware of links being spread on Facebook that claim you are able to eat for free at Pizza Hut. Don't be fooled into believing that you are able to receive a free pizza coupon, as this is just the latest scam spreading on the site, close on the heels of similar campaigns claiming to offer a free coffee at ...

That package at the Royal Mail office? It’s malware

Cybercriminals have spammed out malware, posing as an email from the Royal Mail. The emails, which claim that a package has been returned to the Royal Mail office, pretend to come from official-sounding addresses such as customer@royalmail.com or customer_service@royalmail.com. Opening the attached file could lead to your Windows computer being infected by a Trojan horse.

Federal Trojan’s got a “Big Brother”

About two weeks ago, the German Chaos Computer Club (CCC) published an investigation report of a backdoor trojan that they claim had been used by German police during investigations to be able to capture VoIP and IM communication on a suspect's PC. Our friends over at F-Secure published a blog article last week where they ...

WebPulse Hits One Billion

As a kid, I loved to lie on the grass at night and stare at the stars. Even though I knew of a couple of constellations, I would try to find new patterns among the billions of stars. New connections. New meaning. As WebPulse hit one billion requests in one day, it reminded me of those days ...

Duqu – Stuxnet 2

Big news today. A brand new backdoor created by someone who had access to the source code of Stuxnet has been found. Stuxnet source code just isn't out there. Only the original authors have it. So, this new backdoor was created by the same party that created Stuxnet. For a refresher on Stuxnet, arguably the ...

W32.Duqu: The Precursor to the Next Stuxnet

On October 14, 2011, we were alerted to a sample that appeared to be very similar to Stuxnet by a research lab with strong international connections. They named the threat Duqu [dyü-kyü] because it creates files with the file name prefix "~DQ". They provided us with samples recovered from computer systems identified in Europe and ...

Most embarrassing moment ever in Beauty Contest – Facebook Scam

Scam Signature Message: Most embarrassing moment ever in Beauty Contest amazinvids1.tk Poor girl makes the biggest mistake of her life on a live Beauty contest!!. Scam Type: Survey Scam. Trending: October 2011. Why it's a Scam: Clicking on the Wall post link takes you to the following page: you are required to share the scammer's message before clicking play. This causes the very same message ...

The Day of the Golden Jackal – The Next Tale in the Stuxnet Files: Duqu

Stuxnet was possibly the most complex attack of this decade, and we expected that further similar attacks could be developed in the near future. One thing for sure is that the Stuxnet team is still active, as recent evidence has revealed. McAfee Labs received a kit from an independent team of researchers. This kit is closely related ...

Spamvertised IRS-themed “Last Notice” Emails Serving Malware

Cybercriminals are once again impersonating the Internal Revenue Service (IRS) for malware-serving purposes. In this intelligence brief, we'll dissect the malware campaign. Spamvertised attachment: IRS_Calculations_#ID6749.zip. Spamvertised message: Notice, There are arrears reckoned on your account over a period of 2010-2011 year. you'll be able to find all calculations in accordance with your financial debt, enclosed. You have to pay ...

Phishers Promote Indonesian Rock Star

Thanks to the co-author of this blog, Avdhoot Patil. In the month of January 2011, Symantec reported adult scams that targeted Indonesian Facebook users. These scams claimed to have an application in which users could view adult videos of Indonesian celebrities, taken from hidden cameras. It seems that phishers are now utilizing specific celebrities as ...

Facebook Encourages Developers to Build ‘Private Mode’ and Other Sharing Controls into Apps

Facebook introduced frictionless sharing at the F8 conference last month. The basic premise behind frictionless sharing is that an application is granted permission to publish to a user profile once and doesn't have to ask for permission again. As expected, many Facebook users had a big problem with the oversharing potential this new feature presents.

Yet another Bing advert to steer clear of…

Here's an advert in Bing which wants you to install some adware, discovered at chrome(dot)freewarecentral(dot)Net. It was coming up in results when searching for "Chrome download". As with most of these downloads, the site is reasonably convincing: Hit the install button, and you'll be faced with the following Pinball ...

Google Search to Have Default Encryption

Google is rolling out over the next week default encryption using SSL (Secure Sockets Layer) on searches for users signing in with their accounts, the company said Tuesday. The move comes over a year after Google made SSL the default setting for Gmail, and also introduced an encrypted search service. (See also How to make ...

Duqu, son of Stuxnet raises questions of origin and intent

Earlier today Symantec published an inside look at a new targeted malware attack called Duqu. This might not be important news if it weren't for its ties to Stuxnet. Early analysis of Duqu shows it has evolved from the Stuxnet codebase. We shouldn't jump to conclusions that it was developed by the same authors, but ...

TDL4 rebooted

ESET researchers have been tracking the TDL4 botnet for a long time, and now we have noticed a brand new phase in its evolution. Based on the analysis of its components we can say that some of those components have been rewritten from scratch (kernel-mode driver, user-mode payload) while some (specifically, some bootkit components) remain the same as in ...

Twitter phish DMs still very much alive and kicking

Just a heads up that a popular Twitter phish is still doing the rounds: "found a funny picture of you! mugweb(dot)ru" Clicking the link takes you to twittelr(dot)com/verify-/session/login-/ If you enter your details at this point, you've been phished and can expect to see your account spamming junk at ...

Beware of fake websites stealing credit card information

People usually use credit cards online to buy goods, but many people fail to validate the site address and proceed with submitting sensitive information such as card numbers. Attackers can then steal credit card information and also the associated CVV number. Here is an example of one such fake website, hosting supposedly free services ...

Mac Trojan Disables XProtect Updates

There's something new brewing in Mac malware development (again). Recent analysis has revealed to us that Trojan-Downloader:OSX/Flashback.C disables the automatic updater component of XProtect, Apple's built-in OS X anti-malware application. First, Flashback.C decrypts the paths of XProtectUpdater files that are hardcoded in its body: Flashback.C decrypts the path of the plist file of XProtectUpdater Flashback.C ...

Researcher who discovered security flaw threatened by firm he was trying to help

South of the Equator, a yawning security hole is swirling responsibility backwards to the bug finder. It surely amounts to the Coriolis effect. Yes, children, it's true: In Australia, flushing insecure bugs out of the toilet drain of investment fund companies results in all of the responsibility flowing counterclockwise, completely opposite to that of rational Northern ...

Sweden is under attack – mass infection and new exploits!

Web based threats such as malicious links on social media, infected websites and malicious ads are terms that we read about quite often. We security experts have for quite some time tried to emphasize the importance of protecting both your website and computer from being infected, since these malicious websites often exploit client vulnerabilities. These ...

Are “Offerwalls” siphoning your own information?

A relatively new development in app marketing and advertising has a concerning feature. It leeches a lot of the same information that many Android Trojans also steal. By means of an app promotion campaign, a new feature called offerwalls is used by Pay Per Install (PPI) services to promise further ad choice and revenue for app developers. But what is the ...

Mac malware evolves – time for Apple owners to wake up

Mac users have once again been reminded not to be complacent about the malware threat, with the discovery that cybercriminals have enhanced an existing Trojan horse to disable the rudimentary anti-virus protection Apple has built into Mac OS X. Despite the growth of Mac malware in the last 12 months, many users are still not ...

Has Siri left your iPhone 4S unlocked?

Apple's new Siri feature, the voice-activated personal assistant built into the iPhone 4S, leaves owners' spanking new smartphones partially unguarded. Those of us who work in the security arena have frequently banged on about the importance of securing your smartphone using a password or passcode to prevent unauthorised access. Most mobile phone manufacturers have recognised ...

LoadDLLViaAppInit 64-bit

Many of my security tools are DLLs. If you want to use these tools inside a 64-bit process, you're stuck, because you can't use 32-bit DLLs inside a 64-bit process (and vice versa). LoadDLLViaAppInit is a tool I released to load DLLs inside selected processes. If you want to use this 32-bit version of LoadDLLViaAppInit on ...

Duqu FAQ

This is an active analysis by Kaspersky Lab's Global Research and Analysis Team. We will be updating this FAQ document as necessary. What exactly is Duqu? How is it related to Stuxnet? Duqu is a sophisticated Trojan which seems to have been written by the same people who created the infamous Stuxnet worm. Its main ...

Francopol 2011 Shows Off Cybercrime Savoir-Faire

Last week, I attended the Francopol conference on cybercrime in Nicolet, Canada, inside the impressive Quebec National Police School. As in 2010, I was impressed by the sessions and speakers taking part. Here are a few elements I would like to share with you. A part of the talks approached the techniques employed on the web by suspects to ...

Keeping Tabs on the next STUXNET

The security industry is currently buzzing with talks about a threat dubbed as the precursor to the next STUXNET. According to a Symantec analysis, portions of the code are extremely similar to STUXNET, and was likely written by the same cybercriminals as the famous threat. Unlike STUXNET, however, Duqu doesn't have code that suggests it ...

Research of compromised Web sites – hacked PHP scripts

Things have been pretty busy lately as far as Web attacks go. Over the past few weeks we have seen multiple large spikes of threat detections, corresponding to different waves of mass defacement attacks against legitimate Web sites. Pages on the hacked sites are frequently injected with iframes (or scripts that add iframes), which explains ...

Oracle Critical Patch Update October 2011

Overshadowed by the Duqu madness yesterday, Oracle released a slew of serious updates (please see Related Links within the right column of this page). Most interesting, but possibly with small impact, is the Java SE BEAST update. Oracle claims to have pushed 57 different fixes across their product lines, including patches for Java and their ...

Security 101: Vulnerabilities, Part 2

In my last write-up we discussed the most harmful type of vulnerabilities that we classify at McAfee Labs: remote code execution and denial of service. Today, we'll talk about vulnerabilities that are not so harmful, those we classify as Medium or Low Risk. These threats nonetheless call for our attention since they can develop a chain ...

Thursday, May 17, 2012

Security 101: Vulnerabilities, Part 2

In my last write-up we discussed the most dangerous kind of vulnerabilities that we classify at McAfee Labs: remote code execution and denial of service. Today, we'll talk about vulnerabilities which are not so dangerous, those we classify as Medium or Low Risk. These threats still demand our attention simply because they can develop a chain ...

Duqu – Stuxnet 2.0

The security industry is buzzing nowadays after Symantec released a whitepaper on a threat known as Duqu. What's interesting about Duqu is that it's heavily based on the Stuxnet source code, a worm that targets industrial control systems (ICS). The Stuxnet source code has never been made available publicly; it's only available to the original ...

Mobile threats on the desktop

The MMPC has been routinely monitoring threats (by means of the desktop) that affect different mobile platforms such as Symbian, Java ME, Android, RIM, iOS and Windows Mobile. One of the increasingly common ways we see mobile devices being compromised is by allowing the user to download and install applications independently. This is because the consumer cannot ...

Facebook security updates – how to make your account more secure

Facebook has recently updated their security settings. In this How-to we highlight a couple of the updates and the security nuances to help you stay on top of your account security settings. Paul Laudanski blogged about the subject a while back, should you need to reference that security primer. When you login to your account, you will ...

Fake free AVG download sites

Fake antivirus sites are a quite popular method to trick people into installing malware on their computers. Another method is to repackage popular software with adware or malware, and offer them for download. AVG is a popular antivirus vendor that gives a free version of its product at http://free.avg.com/. Rather than getting money by bundling ...

IPAbuseCheck: Clients Abusing Net Proxies

IPAbuseCheck was designed to provide a simple, free Web interface to query your IP addresses against a database that we have built containing unauthenticated IP addresses that have attempted to forward abusive or unwanted traffic by way of one or more of our proxies. The database contains abusive IPs located from July to present, and contains properly ...

RunInsideLimitedJob 64-bit

RunInsideLimitedJob is a tool to sandbox applications by containing their process inside a limited job object. There are 2 versions of my RunInsideLimitedJob tool: a .EXE and a .DLL. As a 32-bit executable, RunInsideLimitedJob.exe is perfectly capable of launching a 64-bit application contained in a limited job object. But the 32-bit RunInsideLimitedJob.dll can't be loaded inside a ...

Phishing page hacked, turned into PSA on the dangers of phishing

Here's something you don't see very often. Someone, possibly the recipient of the below phishing mail while having a Falling Down style day in the office, decided enough was enough and set out to hijack the phishing site they were sent to. This is the email that started it all: ...

Fake jobs: canada-newjob.com, netherlandjobb.com and newjobrecruit.com

Another bunch of domains being used to peddle fake jobs: canada-newjob.com, netherlandjobb.com, newjobrecruit.com. These domains form part of this long running scam. You will find that the emails appear to come from your own email address (here's why). The domain registrant details are no doubt fake: Adolf Nureng Email: adolfnureng@yahoo.dk Organization: Adolf Nureng Address: Spellingevej 3 Ro City: Gudhjem State: ...

Deobfuscating malicious code layer by layer

Write-up written by David Sanchez Lavado. This post explains how to analyze the malicious code used in current Exploit Kits. There are many methods to analyze this kind of code, and there are tools that do most of the job automatically. However, as researchers who like to understand how things work, we are going ...

New attack vectors leading to digital pickpocketing of digital wallets

AVG's latest Q3 2011 Community Powered Threat Report has highlighted the prevalence of a brand new breed of cybercrime attacks being launched against users' digital wallets to target the new credit currencies in widespread usage on the Internet. As individual users and organizations alike now start to trade in the "currency of the internet", cyber criminals ...

How to learn every little thing that Facebook *really* knows about you

Max Schrems, a 24-year-old law student from Vienna, a meticulous document requester and researcher, is now sitting on a pile of 1,200 pages that comprise his personal-data Facebook dossier. He secured the data by making use of a European requirement that entities with data about individuals make it available to those individuals if they request it. After ...

The Mystery of Duqu: Part One

First of all, we feel it necessary to clarify some of the confusion surrounding the files and their names related to this incident. To get a full understanding of the situation you only have to know that we're talking about just two malicious programs here (at a minimum): the main module and a keylogger.

Gaddafi Death Rumours sure to Spark Spam

Websense ThreatSeeker Network has been tracking an ongoing spam campaign relating to reports of Libyan leader Colonel Gaddafi's death. We have been monitoring related spam campaigns about Gaddafi for a while now, and the recent rumours of his death as stated here on Reuters seem to have raised the bar a little with an influx of such spam.

Duqu malware spurs new Stuxnet-style conspiracy theory

The news wires have been abuzz for the past few days with stories of a brand new "Stuxnet". This "son-of-Stuxnet" malware goes by the orthographically curious name of Duqu. (According to Symantec, Duqu got its name because it creates files with the file name prefix "~DQ". On those grounds, Duqu is really a silly name. It really should ...

iPhone spyware can snoop on desktop typing

A team of researchers at Georgia Tech have demonstrated how they were able to spy on what was typed on a typical desktop computer's keyboard through the accelerometers of a smartphone placed nearby. Normally when security researchers describe spyware on smartphones, they mean malicious code that may be used to snoop on calls, or to ...

OFT Warns Debt Collectors to Stop Using Facebook to Locate Borrowers

To debt collectors all over the world, Facebook has turned into a veritable fount of information that makes their job a lot easier. If you were a debt collector and one of your borrowers had suddenly gone AWOL, easy: all you have to do is to lie in wait until he updates his Facebook page. Even ...

Remove Unused/Testing/Debug Software From Your Site

We often see sites hacked as a result of vulnerabilities in various tools. In most cases, site owners don't even understand they are there, or don't even remember they were installed. For example, a site owner/manager has to make a quick modification in the database and installs phpMyAdmin. A few months (or even years) later their site ...

Dissecting the Ongoing Mass SQL Injection Attack

The ongoing mass SQL injection attack has already affected over a million Web sites. Cybercriminals performing active search engine reconnaissance have managed to inject a malicious script into ASP/ASP.NET Web sites. From client-side exploits to bogus Adobe Flash players, the campaign is active and ongoing. In this intelligence brief, we'll dissect the campaign and establish ...

Gaddafi and Search Poisoning: think before clicking on search results

Scam artists and cyber-criminals welcomed today's news of the demise of Libyan leader Muammar Muhammad Abu Minyar al-Gaddafi (frequently referred to as simply Gaddafi or Gadhafi). Why? Because few events fuel Web search activity as much as the death of a famous or infamous person, although celebrity weddings and divorces are also a big search driver. It's a ...

Notes on the Urchin Site-injection Attack

Last week (10/12), Armorize announced a brand new mass site-injection attack, which they had begun tracking on the 9th. Briefly, the attack involves an injected link to an attack domain (originally jjghui.com; the newer injections use either nbnjki.com or nbnjkl.com), which references a file called urchin.js. (For folks who don't know, Urchin produced the original version ...

Stuxnet v2 or TR/Duqu

The Stuxnet virus has gone to the next generation: "TR/Duqu". Avira already detects the new malware since VDF 7.11.16.63, which was released on 2011-10-19. The new variant of Stuxnet consists of 3 major files: a driver file (at this time we can discern between 4 slightly different versions), an encrypted DLL, an encrypted configuration file ...

Shop for free at ASDA? Free ASDA Gift Card Facebook scam spreads rapidly

Hot on the heels of similar scams involving Pizza Hut, and free coffee at Tim Hortons and Starbucks, messages are spreading rapidly between Facebook users about alleged ASDA Gift Vouchers, offering free shopping to celebrate the British supermarket chain's "birthday". Here's a typical message: Shop For FREE at ASDA - FREE ASDA Gift Card ?[LINK] ...

Gaddafi search poisoning

Here's an example of search poisoning somewhat similar to that predicted by Stephen Cobb, making use of the death of Gaddafi as a hook, noted by our colleague Raphael Labaca Castro, of ESET Latin America. The original blog is in Spanish. Raphael reports an email that comes with the following title (in Portuguese, suggesting that Brazilian Internet users ...

Galaxies Collide

Duqu contains a backdoor that steals information. Infostealers need to send the stolen information back somehow. Careful infostealers try to make the transfer look innocent in case somebody is watching network traffic. Duqu hides its traffic by making it look like normal Web traffic. Duqu connects to a server (206.183.111.97 aka canoyragomez.rapidns.com, which used to ...

Malware attack poses as bloody photos of Gaddafi’s death

The death of Libyan dictator Colonel Gaddafi has almost inevitably resulted in cybercriminals taking advantage of the news story, along with the general public's seeming interest in viewing ghoulish photos and videos of his last moments. Malicious hackers have spammed out an attack posing as pictures of Gaddafi's death, tricking users into believing that they came ...

RBC Royal Bank Phish Wading in the Wild

Our researchers in the AV Labs just netted one of the latest phishing attempts that prey on clients of the Royal Bank of Canada (RBC) or RBC Royal Bank. Below is the screenshot of the email phish being spammed in the wild: This email from RBC on the internet masquerades as an alert notification message regarding ...

Free Argos gift card for Christmas? It’s a Facebook scam

Yet another scam is spreading quickly on Facebook, this time claiming to offer a free £500 Argos gift card to British shoppers. Free £500 Argos gift cards for Christmas [LINK] As It is coming up to Christmas we have decided to give away 250 £500 Argos gift cards. The scam follows the highly prevalent ASDA gift ...

Guess what happens to the data you “Delete” on Facebook?

There are always things that we don't want to have on Facebook. Gossipy conversations, embarrassing photos, controversial status updates: most people have had their fair share of such things. The way to deal with them is frequently to just click the delete button. After which, we can go back to living normally and ...

Saturday, May 5, 2012

Duqu Status Update #1

As mentioned in our previous blog, W32.Duqu was first brought to our attention by a research lab who had been investigating a targeted attack on another organization. This research was conducted by the Laboratory of Cryptography and System Security (CrySyS) in the Department of Telecommunications, Budapest University of Technology and Economics. CrySyS discovered the infection ...

The state of cyber security – Join Sophos and the NCSA in Washington DC

I would like to invite all of our readers to an event October 27th, The State of Cyber Security, in Washington DC hosted by the National Cyber Security Alliance and Sophos. I am proud to be speaking at the event along with Michael Kaiser, executive director of the National Cyber Security Alliance and Rob Strayer, ...

ZeroAccess’s trick – A wolf in sheep’s clothing

In a previous post, my colleague talked about a new approach to inject virus code into other normal processes as a way to bypass a firewall's detection. Through the continuous investigation of ZeroAccess, we discovered there are a couple of improvements for this series of anti-detection and anti-debug methods. And what's most interesting is ZeroAccess seems to quite like lsass.exe. It frequently ...

The Rise and Fall of Anonymous

Following my previous blog on Francopol 2011, here are some data and slides from my own talk on the Anonymous Group. Anonymous circles are not the only component of hacktivism, merely a loose collection with the highest media profile. Other representatives of this informal protest movement include the Indignants, who use social networks around the world ...

iOS 5 introduces security challenges and flaws

A little over a week since Apple released iOS 5, I thought I would review a couple of the new functionality and security on the platform in general. I started by revisiting the encryption Apple promises and whether or not they have fixed the problem that I first wrote about in May 2010. According to the iPad in ...

Urchins, LizaMoons, Tigers, and Bears

In early April, I wrote about the famed LizaMoon SQL-injection attacks. I said it then, and I'll say it once more now: SQL-injection (SQLi) attacks are a constant. Some of these attacks are much more visible than others. Some adversaries find intelligent ways to hide their tracks so as not to splatter evidence of their misdeeds all over various search ...

Ongoing investigation of the internet infection

During the last couple of days I have, together with Yury Namestnikov, been investigating the extremely high numbers of infected websites. It all began when I was going through local statistics for Sweden and saw an increase of a certain JavaScript redirector, and also new detections on new variants for Java, PDF and Flash exploits.

There’s more than one way to skin an orange.

With regard to attacking a program, and compromising its data and/or resources, there are numerous different approaches that an attacker can choose. One of the more effective techniques to make a successful compromise is to take advantage of perceived vulnerabilities in the targeted program. A vulnerability refers to a characteristic of a program that ...

Java Malware Reconsidered, or, Java Brews a Fresh Bot of Malware

At Virus Bulletin 2011, we presented on the exploding level of delivered Java exploits this year with "Firing the roast Java is heating up again". We examined CVE-2010-0840 exploitation in detail, along with variants of its most popular implementation online and several tools and ideas for analysis. Microsoft's security team presented findings ...

Duqu: Updated Targeting Information

I wrote Symantec's original blog write-up describing the discovery of Duqu. In that blog I use the term "industrial control system manufacturers" and (after discussions with a variety of parties) we need to change that term to "industrial industry manufacturers" to more accurately define where Duqu has been found. We already made this change to ...

Satanbot Employs VBScript to Create Botnet

Malware is on the rise. At the beginning of 2008, our malware collection had 10 million samples. Today we have already surpassed 70 million. Most of the malicious samples are Trojans (backdoors, downloaders, fake alerts), but there are also many viruses, worms, and bots that in a short time can infect many computers ...

Shadow Profiles: Does Facebook produce Them?

The group Europe v. Facebook seems to have opened a floodgate of disturbing revelations against Facebook, one of them being the possibility that Facebook creates "Shadow Profiles" for all its members, as well as individuals who have yet to register themselves. This allegation is one of the 22 complaints that the group filed against Facebook and ...

Spammers Promote Steve Jobs Bogus Charity Fund

Even some weeks after Steve Jobs' death, spammers are still taking advantage of his demise. We have previously reported about this in the following blog entries: "Cybercriminals remember Steve Jobs through Facebook Scam", "Steve Jobs Proclaimed Alive by Spam". This time, we received sample spammed messages promoting a supposed charity fund for young ...

Hacker’s phone call to Boston Police saying he defaced their website.. because he was bored

A number of websites associated with US police have been compromised by AntiSec hackers in apparent support of the Occupy demonstrations. One of the sites targeted was the Boston Police Patrolmen's Association (BPPA), which suffered a hack which resulted in the release of a thousand usernames and passwords. An obvious danger is that staff may ...

Letter from HM Treasury? Just another scam

Over the past 24 hours we have seen a flurry of emails purporting to be from George Osborne MP, the UK's Chancellor of the Exchequer. With reference to supposed stalled international fund transfers, the messages attempt to lure recipients into making contact with the fraudsters, in a classic 419 style scam. We have seen at ...

Where in the World is Razim Al Hamed?

Here's a Spanish language Facebook scam about the world's richest man giving away thousand dollar cheques to anybody that wants one. You could probably write "Oh dear" and leave it at that, but let's take a peek anyway. Scams involving a chap called Razim Al Hamed have been bouncing around since at least 2009, and he's ...

Fake jobs: jobbworld.com and yourjobb.com

Two new domains being used to recruit for fake jobs, which in reality turn out to be illegal activities such as money laundering: jobbworld.com, yourjobb.com. This is part of a long-running scam that has been going on for ages. One characteristic of the spam received is that it appears to come from your own email address (here's why). If you ...

Microsoft’s YouTube channel has been hacked

Hackers have taken control of Microsoft's official YouTube channel, removed the company's videos and replaced them with ones of their own. At the time of writing, the hackers are still uploading new videos to the channel. The ones we have seen so far are ...

Microsoft’s official YouTube channel hacked (updated)

It appears that someone has hacked into Microsoft's account on YouTube and removed all videos. As may be seen in the picture, there are currently no videos at all anymore (see the red arrow in the screenshot) and the comment about the website is "Wish to Become Sponsored? Message me". At the same time the hometown  See More..

‘Found a funny picture of you!’ Twitter phishing attack

We're now regularly seeing Twitter accounts which have fallen into the hands of cybercriminals, sending out messages to their online friends with the aim of tricking them into handing over their all-important username and password. Here's one of the latest attacks, shared with us by our friends at @TweetSmarter: Found a funny picture of  See More..

HeapLocker 64-bit

I'm releasing my first 64-bit version of my HeapLocker tool. I had to change multiple pointer calculations, and had to replace 32-bit shellcode with 64-bit shellcode. This 64-bit version gets configured through the registry, exactly like the 32-bit version of HeapLocker. The only difference is when you want to protect specific addresses, you have to use a  See More..

Shop for free at Tesco? Beware – it’s another Facebook gift card scam

Within the last few days we have warned Facebook users about scams spreading on Facebook claiming that the likes of ASDA, Argos, Pizza Hut, Tim Hortons and Starbucks are offering consumers gift cards and vouchers entitling them to free goods. Now it's the turn of British supermarket giant to find its brand abused by scammers  See More..

Libyan Leader Muammar Gadhafi’s Death Spam

Threat Analysis: Alan Neville. As word spreads of the death of Muammar Gadhafi, cybercriminals are starting to take advantage. We are already seeing spam campaigns related to his death with malicious attachments. Here are several examples of what we have seen so far. This particular campaign claims that Muammar Gadhafi's death might not  See More..

“Battery Doctor” Android Scareware

A new scareware targeting mobile devices running Google's Android operating system makes claims about its capability to recharge the battery. It also has the capability to steal information. When the program first executes, the overview window below appears. As you can see, it shows information about the battery and running applications and second pie chart on the  See More..

LG hacked – website defaced to show simulated intrusion

One of the Australian websites belonging to global electronics giant LG has been hacked by a collective calling itself the Intra Internet Security Exploit Team. According to Asher Moses of the Sydney Morning Herald, the site, lge dot com dot au, was pwned over the weekend, and still in embarrassing post-hack distress this morning: The  See More..

Targeted malware attack shows how quickly fingerprinting works

Last week, I was working a shift in SophosLabs triaging customer submissions, and found myself updating detection for the Troj/DocDrop-S Trojan horse. Keen readers will remember that I have talked about the Troj/DocDrop-S malware before, in terms of the presentation that Stephen Edwards and I gave at the recent Virus Bulletin conference in Barcelona. The  See More..

Beware Facebook lottery email scams!

Congratulations! You've won the Facebook lottery! At least, that's what the following email claims. The email says that it is possible to turn up in person at an address in London to claim your prize, but you will have to confirm your identity and eligibility. In case you don't need to pay a visit to London, then it is possible to choose to  See More..

Survey Scams as Cross-Platform Threats

For some time now we've been reporting about Facebook scams involving surveys that ask for victims' mobile numbers. These have become rampant, and have employed multiple different lures like Google+ invites and free Breaking Dawn Part 2 movie tickets. Another great example is a Facebook page we recently encountered, one claiming to be a  See More..

One more widespread site defacement attack. Leading nowhere?

Earlier this morning, I started to see a rise in the volume of Mal/Iframe-Gen detections. Digging further, I located multiple legitimate sites that had been freshly hacked, in order to redirect users to further malware. As you can see from the image below, there has been something of a surge in Mal/Iframe-Gen detections since approximately  See More..

Facebook Launches “Social Jobs Partnership”

It's no secret that the unemployment rate in the United States has reached pretty disturbing heights because of the recent financial recession. Millions of men and women, even those that had all of the appropriate qualifications, lost their jobs simply because the companies could no longer afford to have them on board. Today, the country is slowly trying  See More..

Tuesday, May 1, 2012

These Aren’t the Droid Updates You’re Searching For

Our Threat Solutions team found an interesting threat utilizing a novel infection vector for Android today. Back in July, they analyzed Spyware:Android/SndApps, which, after an update, is able to access diverse bits of personal information. Prior to the update, it only requests the Web permission. It seems probable to us that users are a lot less likely to carefully  See More..

mailukrsoft.com: job scammers in action

A write-up over at woozoo.nl caught my eye (in Nederlands, Google Translated to English) concerning the netherlandjobb.com scam. Robert Krom goes numerous steps further than I typically do with a superb study into how the scammers try to rope people in. Robert identifies mailukrsoft.com as the next stage in the scam. To me, it looks like  See More..

The Register blunders, hands itself into the ICO

Oops. From: The Register marketing@theregister.co.uk Date: 24 October 2011 18:28 Subject: Apologies from The Register Hello, This morning the name and email address you used to register for The Register was mistakenly sent to 3,521 individuals, also readers of The Register. We've contacted them asking them to delete the email and respect your  See More..

Android Malware Spreads through QR Code

Last week, there was quite a buzz in the mobile-malware researchers community about a brand new Android malware. It came to light not because of its sophistication or complexity but because of the standard approach that it uses to spread. Most Android malware we have witnessed are repackaged malicious apps made available in black markets or  See More..

So I Googled your name and found.. a Twitter phishing attack!

Sometimes they claim to have found a funny picture of you, say that you look like you've lost weight, or that there's a horrible blog going around about you. Whatever the nature of the disguise utilised by phishing attacks on Twitter, the modus operandi is always the same. Scammers will send you a message, perhaps  See More..

Typosquatting

Do you frequently make mistakes when typing? Is the Backspace key your friend? Well, you are probably not alone! Most of us make typing errors once in a while, but what if those errors could cause data leakage? Typosquatting exploits common typing errors made when entering an Internet address in a browser: typing "a" instead of "s",  See More..

Scam sites on 84.22.161.169

84.22.161.169 (IOMART Ltd, UK) seems to have a few difficulties with scam sites, such as the one mentioned in this post. I haven't had time to check the entire range, but most of the sites they host are legitimate; these, however, appear to be bogus: mailukrsoft.com Rogers, Sid via@viagrasuperpills.com March St 43 San Antonio, Tx 7820 1  See More..

DroidKungFu Utilizes an Update Attack

We did a quick write-up yesterday about a DroidKungfu sample that appeared to utilize a novel infection vector. Now, as promised, more technical details. The application we've been analyzing is called com.ps.keepaccount, and a quick check into its content reveals a few findings. The original application (SHA-1: 5e2fb0bef9048f56e461c746b6a644762f0b0b54) does not show any trace of  See More..

Book review: Ninja Hacking – unconventional penetration testing tactics and techniques

Be in no doubt, credibility is high for this book. Authors of "Ninja Hacking", Thomas Wilhelm and Jason Andress, certainly have expertise in the field of computer security, with particular focus on penetration testing. They also have experience in both the academic and corporate environments. The subtitle "Unconventional penetration testing tactics and techniques" is however  See More..

Japanese parliament hit by cyber-attack

According to local media reports, hackers were able to snoop upon emails and steal passwords from computers belonging to lawmakers in the Japanese parliament for over a month. A report in the Asahi Shimbun claims that PCs and servers were infected after a Trojan horse was emailed to a Lower House member in July.  See More..

Hackers steal data on nuclear plants and fighter jets

A high-tech military contractor, which suffered an attack from hackers earlier this year, is reported to have lost sensitive data related to defence equipment including fighter jet planes and nuclear power plant plans. The Asahi Shimbun claims that when Mitsubishi Heavy Industries was hit by an attack earlier this year sensitive data and plans were  See More..

Pink My Profile Bogus Keylogger Warning

October is Breast Cancer Awareness Month. Several companies and non-profit companies run promotions and fundraising events to support the cause. Such is the case with the latest Facebook hoax. CUA is a financial institution in Australia, and they developed a unique technique to raise awareness for breast cancer awareness. Users can install a Facebook application  See More..

The Pink Profile Pic Facebook virus hoax

Have you noticed the profile pics of a few of your Facebook friends have acquired a pink tinge? Rumours have hit the social networking site that the Facebook app that turns your profile picture pink carries keylogger malware that could spy on your keypresses, and steal your passwords, not only from Facebook, but from online  See More..

Free $5000 Gift Card for COLES – Facebook Scam

Scam Signature Message: Free $5000 Gift Card for COLES ikeazone.info As christmas is approaching, coles has decided to give away $500 Gift Cards. Scam Type: Survey Scam. Trending: October 2011. Why it's a Scam: Clicking the wall article link takes you to the following page: As usual, here you may be asked to Share the message with your friends and enter a comment on the page.  See More..

Linux Tsunami hits OS X

We've just come across an IRC controlled backdoor which enables the infected machine to become a bot for Distributed Denial of Service attacks. The interesting part about it is that it's a Mach-O binary targeting Mac OS X. ESET's investigation team compared this to samples in our malware collection and identified that this  See More..

RIM fixes BlackBerry security holes

The Canadian company Research in Motion (RIM) has announced a handful of recently identified vulnerabilities in its BlackBerry 6 handheld OS and BES for IBM Lotus Notes and Microsoft Exchange. RIM reports that three newly identified vulnerabilities in the BlackBerry 6 WebKit browser could allow a hacker to access and/or modify data stored within a BlackBerry  See More..

Tour de France cheat faces suspended sentence in malware case

Oh my, what a tangled story.. In 2006, American cyclist Floyd Landis won the Tour de France competition. He was subsequently stripped of his title after an anti-doping lab reported it had identified unusual levels of testosterone in his body. Landis spent years trying to overturn the decision, spending millions of dollars in the process,  See More..

Facebook spams evolved

We are all used to the already classic spams "Facebook has sent you a notification" and all other variations similar to this one. The links typically redirect in two steps to a Canadian Pharmacy website where different (fake) meds are offered at unbelievable prices. We have noticed a brand new kind of mail which in the  See More..

MyBB website and downloads compromised

It's not great when your site gets infected with malware, especially if you're a provider of software to many. If you are using MyBB (forum software), please be aware that their website was hacked as well as the software download packages compromised: There was unfortunately a vulnerability in the CMS which powers the MyBB home page and  See More..

The Mystery of Duqu: Part Two

Our study of Duqu malware continues. In our previous report, we made two points: - there are more drivers than was previously thought; - it is possible that there are extra modules. Besides those key points, we concluded that unlike the large Stuxnet infections, Duqu attacks and is contained within a very  See More..

Tsunami backdoor for Mac OS X discovered

OSX/Tsunami-A, a new backdoor Trojan horse for Mac OS X, has been discovered. What makes Tsunami particularly interesting is that it appears to be a port of Troj/Kaiten, a Linux backdoor Trojan horse that, once it has embedded itself on a computer system, listens to an IRC channel for further instructions. Usually code like this  See More..

A Package-scam Malware Attack

Yesterday, WebPulse blocked over 100 attempts by our users to download a malicious executable. It's an attack type I don't remember specifically writing about in the past, so it's worth a quick post. The sample I grabbed was named USPS_Invoice_10242011.PDF.exe. From the file name, I rather suspected that I would find that this was another  See More..

Bundestrojaner, Sony breach, Duqu, OS X anti-anti-virus, MS hack – 60 Sec Security

Watch the latest security news in just 60 seconds! (Enjoy this video? Why not visit the SophosLabs YouTube channel?) Last three episodes: 13 Sep 2011, 08 Oct 2011, 26 Oct 2011  See More..

Eat for Free at Cheesecake Factory! – Facebook Scam

Scam Signature Message: Eat for Free at Cheesecake Factory! thecheesecakegift.com As the holidays approach, Cheesecake Factory has decided to celebrate early by giving away FREE DINNERS to it's fans and customers. Claim yours now before they're all gone! Scam Type: Bogus Offer. Trending: October 2011. Why it's a Scam: Clicking the wall article link takes you to the following page: As usual, here you are asked to  See More..

ROP chain for Windows 8

Shortly after Microsoft's release of Windows 8 Developer Preview, I read an article mentioning the mechanism to prevent ROP (Return Oriented Programming) on Windows 8 along with the way to bypass it. Accordingly, I have experimented and provided a ROP chain which would be used for any ROP exploit codes on Windows 8. Let's talk about  See More..

Win32/Duqu: It’s A Date

For the last few days, considerable malware research time has been devoted to the brand-new malware that ESET calls Win32/Duqu. One of the features that makes this type of malware particularly interesting is that it extremely closely resembles Stuxnet, one of the most sophisticated worms of recent years. Last year we performed in-depth study of  See More..

Get gamed and rue the day…

As we discussed last week, socially engineered threats are specially crafted threats designed to lure the eye and trick the mind: they look legitimate or benign, and in the worst case, may take advantage of a trusted relationship, by making use of a compromised account or familiar website. Social engineering methods may be employed in isolation, but  See More..

Aisha Gaddafi plea for he..

Scammers have been fast to capitalize on the death of Muammar Gaddafi by sending out emails from Ayesha Gaddafi. Ayesha (also spelled Aisha) is the daughter of Muammar Gaddafi who has reportedly fled to Algeria. The creators of the email seem to have made an error by including the message text in the subject line,  See More..

Gaddafi email scam gives you millions, and to set up an orphanage!

It's not merely malware authors who are taking advantage of the death of Libya's Colonel Gaddafi. Scammers and fraudsters are exploiting what they see as a money-making chance too. Take the following "top secret" email, for instance. It claims to come from one of Gaddafi's cohorts, who says he is currently hiding in a small  See More..

Top journalists’ email passwords made public, as scandal impacts over 200,000

Repeat after me: you should not use the same password on many websites. That's an essential lesson that thousands of bloggers are having to learn the hard way, after an extraordinary story broke in Sweden that involves Twitter, politics, password security and allegations that members of the national media were being spied upon. Here's the  See More..
