Fake Careerbuilder sites/phish...
FYI...
- http://asert.arbornetworks.com/2008/...ran-and-burma/
September 19, 2008 - "...new fast flux phishing malcode delivery scheme targeting CareerBuilder. Lures bring you in to a number of sites and launch malcode onto your system. Pretty classic technique these days, been used heavily for banks in the past couple of weeks... It’s a fast flux botnet, apparently doing double flux too... Much of that list comes from Gary Warner’s always excellent blog*. So, as many of you may be in the job market, keep in mind that not everything from CareerBuilder is really from them..."
* http://garwarner.blogspot.com/2008/0...t-digital.html
(Screenshots available at both URLs above.)
Facebook malicious SPAM...
FYI...
Facebook "add friend" Malicious SPAM
- http://securitylabs.websense.com/con...erts/3185.aspx
09.22.2008 - "Websense... has discovered a new malicious social-engineering spam campaign masquerading as official emails sent by the popular Web 2.0 social-networking site, Facebook. The email is spoofed to appear from the domain facebookmail.com, an official domain used by Facebook for their outbound emails when notifying their users of an event. It is common for Facebook to send an email to notify their users when another Facebook user adds them as a friend on the social network. However, the spammers included a zip attachment that purports to contain a picture in order to entice the recipient to double-click on it. The attached file is actually a Trojan horse..."
(Screenshot available at the URL above.)
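Added example, not part of the original post or the Websense alert: a mail-gateway style check for the pattern described above, where a message claims the facebookmail.com sender domain but carries a zip attachment with an executable inside. The extension list, function names and the sample message are assumptions constructed for illustration.

```python
import io
import zipfile
from email import message_from_bytes, policy
from email.message import EmailMessage
from email.utils import parseaddr

NOTIFY_DOMAIN = "facebookmail.com"  # sender domain named in the alert
EXEC_EXTS = (".exe", ".scr", ".pif", ".com", ".bat", ".cmd")  # assumed list

def executable_zip_members(msg):
    """Names of executable-looking files inside any zip attachment."""
    hits = []
    for part in msg.iter_attachments():
        data = part.get_payload(decode=True) or b""
        if not zipfile.is_zipfile(io.BytesIO(data)):
            continue
        with zipfile.ZipFile(io.BytesIO(data)) as zf:
            hits += [n for n in zf.namelist() if n.lower().endswith(EXEC_EXTS)]
    return hits

def triage(raw):
    """Flag mail claiming the notification domain that carries an executable in a zip."""
    msg = message_from_bytes(raw, policy=policy.default)
    addr = parseaddr(str(msg.get("From", "")))[1]
    claims = addr.rpartition("@")[2].lower() == NOTIFY_DOMAIN
    members = executable_zip_members(msg)
    return {"claims_notify_domain": claims, "executables": members,
            "quarantine": claims and bool(members)}

def build_sample(member_name):
    """Constructed test message; the attachment holds placeholder bytes only."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr(member_name, b"constructed placeholder")
    msg = EmailMessage()
    msg["From"] = "Facebook <notification@facebookmail.com>"
    msg["To"] = "user@example.com"
    msg["Subject"] = "Constructed sample notification"
    msg.set_content("Constructed body text.")
    msg.add_attachment(buf.getvalue(), maintype="application",
                       subtype="zip", filename="picture.zip")
    return msg.as_bytes()

if __name__ == "__main__":
    print(triage(build_sample("picture.jpg.exe")))
    print(triage(build_sample("picture.jpg")))
```

The From header is only a claim, so the check treats a match on the notification domain as a reason to inspect the attachment more closely, not as proof of origin.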
Wachovia... spy-phishing rootkit...
FYI...
- http://blog.trendmicro.com/wachovia-...talls-rootkit/
Sep. 22, 2008 - "... spy-phishing scheme targeting the Fortune 500 company and 4th largest banking chain in the US, Wachovia Bank. This attack ends in the execution of a rootkit, TROJ_ROOTKIT.FX, which is a file that hides files and processes, allowing malicious attacks to run entirely beneath the radar.
Macalintal warns that he has seen the following subject headings used in this attack:
* Wachovia Connection Update Alert.
* Wachovia Connection Customer Support - Security Updates.
* Wachovia Connection upgrade warning.
* Wachovia Connection Emergency Alert System...
The malicious links download a file named SPlusWachoviadigicert.exe. Trend Micro Smart Protection Network detects this as TROJ_AGENT.AINZ. It accesses a certain URL to download another malware that in turn drops and installs TROJ_ROOTKIT.FX. This infection chain can be cut off at various points by the Smart Protection Network as we already detect the spam, the malicious links therein, and the files that are downloaded and executed on the system...
The legitimate Wachovia Security Plus link can be accessed here*, where the company discusses several security issues and precautionary methods to avoid being tricked by these types of attacks..."
* http://www.wachovia.com/securityplus/0,,,00.html
(Screenshot available at the TrendMicro URL above.)
American Airlines phish...
FYI...
- http://securitylabs.websense.com/con...erts/3187.aspx
09.23.2008 - "Websense... has discovered a new phishing campaign targeting American Airlines AAdvantage(R) Program customers. Users receive an email, which is spoofed, that tries to convince the user that, if they log in and fill out a 5-question survey, they will get a $50 reward. The email provides a link that takes visitors to the phishing Web site. The email also provides a fake code which is meant to entice the user even more..."
(Screenshot available at the URL above.)
Same WW3 SPAM... more detail
FYI...
- http://blog.trendmicro.com/world-war-iii-malware-spam/
Sep. 29, 2008 - "...SPAM announcing the declaration of World War III. The link provided points to a legitimate-looking CNN page with a video. However, users wishing to view this video are prompted to install an ActiveX Object... The supposed ActiveX Object is actually malware, which Trend Micro detects as TSPY_BANCOS.JN. TSPY_BANCOS.JN, like all BANCOS variants, is an info stealer that monitors the browser of the affected system. It waits for the user to access certain banking-related Web sites, then spoofs the login pages of the bank Web site to steal sensitive account information. The request to install an ActiveX Object is a popular ploy to spread malware these days, and this bogus ActiveX Object is yet another one designed to deceive the user to believe that he’s installing something useful..."
(Screenshots available at the URL above.)
Blogspot under push by malware authors...
FYI...
- http://sunbeltblog.blogspot.com/2008...e-authors.html
October 13, 2008 - "We’ve seen a number of new blogs on Blogspot today that push malware, pushing various search keywords...
Examples:
buzzwocdco. blogspot. com
iberianiceaande. blogspot. com
semtmbmshmenf. blogspot. com
These sites push fake codecs which generally make one's life quite miserable."
(Screenshot available at the URL above.)