
Thread: SPAM frauds, fakes, and other MALWARE deliveries - archive

  1. #41
    Adviser Team AplusWebMaster's Avatar
    Join Date
    Oct 2005
    Location
    USA
    Posts
    6,881

    New SPAM threats...

    FYI...

    MSN Messenger used as lure in malicious SPAM
    - http://securitylabs.websense.com/con...erts/3206.aspx
    10.14.2008 - "Websense... has discovered a new malicious spam lure that uses the threat of a virus to encourage users to download a malicious Trojan. The email explains that by downloading the application linked within the email, users can protect themselves against a virus that spams messages to a user's contacts. The email offers an update to Live Messenger Plus - this is actually a Trojan (md5: 5F1D2521F6949F8B71B9FF93C17A8BE2). Antivirus detection rate is low... The URLs provided in the email redirect the user to a two-stage downloader named dsc.scr. As a distraction for the user, a dialog box is displayed explaining that the user will be redirected to msn.com.br. A browser then opens pointing to this site... A scheduled task is then created, and modifications are made to autoexec.bat to disable GBPlugin and other tools promoted by Brazilian banks to protect against such keyloggers and other malware..."

    Hi5 "Add Friend" malicious SPAM
    - http://securitylabs.websense.com/con...erts/3205.aspx
    10.13.2008 - "Websense... has discovered a new malicious, visual social-engineering spam campaign masquerading as official emails sent by the popular Web 2.0 social-networking site Hi5. The email comes in Spanish language, and is -spoofed- to appear as if it comes from the domain hi5.com, an official domain used by Hi5 for their outbound emails when notifying their users of an event. It is common for Hi5 to send an email to notify their users when another Hi5 user adds them as a friend on the social network. However, the spammers embedded malicious links and a fake friend photograph in order to entice the recipient to click on them, which leads to a download of a Trojan horse (md5: 5f6b089f0048e6510c78bb38a3909b9c). The malicious application aims to steal confidential logins for a popular Mexican bank. A-V detection of this banker Trojan is low... A fake Hi5 friend request is included in the body of the email. We have previously alerted on a similar attack relating to Facebook "add friend" Malicious Spam. This clearly indicates that spammers and malware authors are increasingly targeting Web 2.0 sites to carry out their attacks..."

    (Screenshots available at both URLs above.)

    The machine has no brain.
    ......... Use your own.
    Browser check for updates here.
    YOU need to defend against -all- vulnerabilities.
    Hacks only need to find -1- to get in...

  2. #42 AplusWebMaster

    Bogus spammed email eTickets...

    FYI...

    Bogus spammed email eTickets - Continental Airlines...
    - http://blog.trendmicro.com/your-etic...es-a-worm-fly/
    October 20, 2008 - "...Be careful when booking flights online or opening emails about your “online flight ticket”—or you could crash-land on a heap of malware trouble. TrendLabs researchers caught spammed email messages featuring bogus eTickets supposedly from Continental Airlines, the fourth-largest airline in the U.S. The message thanks the recipient for availing of a new service called “Buy flight ticket Online” and provides account details (even a password). Then it makes the recipient simply print out the attached “purchase invoice and plane ticket” before they use these, and they’re off! How convenient!... The attachment is named E-TICKET.ZIP, which in turn contains the file E-TICKET.DOC.EXE. “It’s the old double-extension trick to hopefully fool the user to double-click the attachment”... Trend Micro detects the file contained in the zipped attachment as WORM_AUTORUN.CTO. This worm propagates via removable drives and accesses websites to download other possibly malicious files. It also displays the icon of files related to Microsoft Word to avoid easy detection and consequent removal... The phrase "Your credit card has been charged" will just add more worry for the user, convincing him more to examine (read: double-click) the ‘flight details’... This seems to be a renewed campaign, as we first saw it in late August — only the featured airline then was Northwest Airlines, and the spam attachment led to rogue AV installation instead of a worm. Since then, the transaction fee has gone up; Northwest supposedly charged almost $700 while Continental about $915. And JetBlue Airways, it would seem, “charged” even more..."

    (Screenshots available at the URL above.)

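The post above turns on the "double-extension trick": the ZIP holds E-TICKET.DOC.EXE, Windows hides the trailing .EXE when "hide extensions for known file types" is on, and the worm carries a Word icon so the user sees a document. The check below is an added example (not code from Trend Micro or from this thread): it opens a ZIP attachment in memory, flags members whose real extension is executable behind a document-looking one, and separately flags members whose bytes start with the PE "MZ" header regardless of what the name claims, since a renamed binary defeats any name-only rule. The extension lists and the sample archive are constructed for the example; the sample "executables" are just an MZ header followed by zeros, not real malware.

```python
import io
import zipfile

# Extensions Windows will run on double-click. The LAST extension decides
# what happens; the ".DOC" the user sees in front of it is the decoy.
EXECUTABLE_EXTS = {"exe", "scr", "com", "pif", "bat", "cmd", "vbs", "js", "wsf", "hta"}
# Document-looking extensions typically used as the decoy half of the pair.
DECOY_EXTS = {"doc", "pdf", "xls", "txt", "jpg", "htm", "html"}

PE_MAGIC = b"MZ"  # DOS/PE header of every Windows executable


def classify_member(name, head):
    """Return the reasons a zip member looks like a disguised executable ([] = clean)."""
    reasons = []
    exts = name.rsplit("/", 1)[-1].lower().split(".")[1:]  # everything after the base name
    if exts and exts[-1] in EXECUTABLE_EXTS:
        reasons.append("executable extension ." + exts[-1])
        if len(exts) >= 2 and exts[-2] in DECOY_EXTS:
            reasons.append("double extension ." + exts[-2] + "." + exts[-1])
    # A name-only rule misses renamed binaries, so also look at the content.
    if head.startswith(PE_MAGIC) and (not exts or exts[-1] not in EXECUTABLE_EXTS):
        reasons.append("PE header (MZ) under a non-executable name")
    return reasons


def scan_zip_attachment(data):
    """Scan ZIP bytes; return {member_name: [reasons]} for suspicious members only."""
    findings = {}
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        for info in zf.infolist():
            if info.is_dir():
                continue
            with zf.open(info) as fh:
                head = fh.read(len(PE_MAGIC))  # only the first bytes are needed
            reasons = classify_member(info.filename, head)
            if reasons:
                findings[info.filename] = reasons
    return findings


def build_sample():
    """Constructed sample archive shaped like the lure in the post (not real malware)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        zf.writestr("E-TICKET.DOC.EXE", PE_MAGIC + b"\x00" * 64)  # double extension
        zf.writestr("invoice.pdf", PE_MAGIC + b"\x00" * 64)       # binary renamed to .pdf
        zf.writestr("readme.txt", b"Thank you for flying.")       # benign text
    return buf.getvalue()


if __name__ == "__main__":
    for member, why in scan_zip_attachment(build_sample()).items():
        print(member, "->", "; ".join(why))
```

Run on the constructed archive it reports E-TICKET.DOC.EXE (executable extension plus double extension) and invoice.pdf (MZ header under a .pdf name) and says nothing about readme.txt. At a mail gateway the same two checks are what a content filter should apply before an attachment reaches a user who only sees the icon.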

  3. #43 AplusWebMaster

    Malicious BBB Certificate SPAM

    FYI...

    Malicious BBB Certificate SPAM
    - http://securitylabs.websense.com/con...erts/3213.aspx
    10.22.2008 - "Websense... has discovered another round of malicious BBB spam today. The spam contains a spoofed -From- address to look as if the message was sent by the Better Business Bureau. The message uses social engineering tactics to entice readers to follow a link in the message in order to "register new software and update contact information". We have seen tens of thousands of these messages coming in since noon today. Also of note is that, from the format of these messages and the resulting links, this looks like it was done by the same group that has been spamming out malicious phishes targeting customers of Bank of America, Wachovia, Royal Bank, and others. Clicking on the link takes the victim to a page which -looks- like the BBB site. The site stresses that a digital certificate should be used while browsing the BBB site. It then provides a prompt to download a file called "TrustedBBBCertificate.exe" which is actually a Trojan Downloader (SHA-1 dcefc1fb912d7bb536de3e66d9c5c6c8465f0790). When this file is executed, it takes the victim to another Web page, which is hosted on another malicious domain, for the "Certificate Registration". This secondary site also tries to get the victim to download "TrustedBBBCertificate.exe"..."

    (Screenshots available at the URL above.)


  4. #44 AplusWebMaster

    Compromised Halloween-themed websites

    FYI...

    Malicious Website/Malicious Code - Halloween-themed websites
    - http://securitylabs.websense.com/con...erts/3223.aspx
    10.31.2008 - "Websense... has discovered that numerous Halloween-themed Web sites have been compromised as Halloween approaches and users are more likely to visit. One particular example is a Web site selling Halloween costumes. The deobfuscation returned by ThreatSeeker shows that the JavaScript has multiple layers of obfuscation. The script contacts a malicious server in the .biz TLD. Within the ThreatSeeker network, we have seen almost ten thousand sites infected with the same obfuscation technique. Another example is a US-based retailer using the Halloween theme to promote its products. This Web site is infected with a redirection that points to a gpack exploit kit. The ThreatSeeker network is currently tracking over thirteen-thousand sites infected with these patterns... Not only malware authors take advantage of seasonal events. Numerous recently registered proxy Web sites are using the Halloween theme to allow users to bypass traditional URL filtering solutions..."

    (Screenshots available at the URL above.)


  5. #45 AplusWebMaster

    Election result SPAM...

    FYI...

    Election result SPAM malware
    - http://securitylabs.websense.com/con...erts/3229.aspx
    11.05.2008 - "Websense... has discovered that malware authors are capitalizing on the recently announced results of the 2008 US Presidential election. Malicious email lures are being sent promising a video showing an interview with the advisors to the recently elected US President. The email actually contains links to a file called 'BarackObama.exe' hosted on a compromised travel site at hxxp://*snip*.com/web/BarackObama.exe. This file is a Trojan Downloader with MD5 9720d70a5da9ca442ecf41e9269f5a27. Upon execution files called system.exe and firewall.exe are dropped into the system directory. A phishing kit is unpacked locally, and the dropped files are bound to startup. The hosts file is also modified. Major anti-virus vendors* are not detecting this Trojan Horse..."
    (Screenshots available at the URL above.)

    * http://www.virustotal.com/analisis/f...b58053a00bc4e2
    11.05.2008 19:58:04 (CET) - Result: 14/36 (38.89%)
    Per: http://voices.washingtonpost.com/sec..._obama_wi.html

    Last edited by AplusWebMaster; 2008-11-06 at 04:47.
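The BarackObama.exe downloader in the post unpacks a phishing kit locally and edits the hosts file, which is how a locally hosted kit gets served when the victim types a real bank address. The parser below is an added example (not Websense's analysis or anything from the thread) of the check an incident responder runs on a suspect machine: parse the hosts file, and report any entry for a domain on a watch-list, distinguishing a "redirect" (name pointed at a real address the attacker controls) from a "block" (name pinned to loopback, the trick used to stop AV updates). The watch-list, the AV host name and the sample hosts content are constructed for the example; the 192.0.2.10 address is from a documentation range, not a real server.

```python
import ipaddress

# Addresses that make a name unreachable rather than send it somewhere else.
BLACKHOLE_IPS = {"127.0.0.1", "::1", "0.0.0.0"}

# Assumed watch-list (hypothetical for this example): names an ordinary
# workstation has no business overriding in its hosts file.
WATCHED_DOMAINS = {"paypal.com", "bankofamerica.com", "facebook.com", "example-av.test"}


def parse_hosts(text):
    """Return (ip, hostname) pairs from hosts-file text, ignoring comments and junk lines."""
    entries = []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()  # drop trailing comments
        if not line:
            continue
        fields = line.split()
        if len(fields) < 2:
            continue
        ip, names = fields[0], fields[1:]
        try:
            ipaddress.ip_address(ip)
        except ValueError:
            continue  # first field is not an address; skip the line
        entries.extend((ip, n.lower().rstrip(".")) for n in names)
    return entries


def is_watched(hostname):
    # exact match or a real subdomain; "paypal.com.evil.test" does not match
    return any(hostname == d or hostname.endswith("." + d) for d in WATCHED_DOMAINS)


def find_hijacks(text):
    """List (hostname, ip, kind) for every watched name present in the hosts file.

    kind is "redirect" when traffic for the name is sent to a real address and
    "block" when the name is pinned to loopback.
    """
    hits = []
    for ip, name in parse_hosts(text):
        if is_watched(name):
            hits.append((name, ip, "block" if ip in BLACKHOLE_IPS else "redirect"))
    return hits


# Constructed sample modelled on the tampering the alert describes.
SAMPLE_HOSTS = """\
# Copyright (c) 1993-2006 Microsoft Corp.
127.0.0.1       localhost
::1             localhost
192.0.2.10      www.paypal.com paypal.com   # appended by the dropper
127.0.0.1       update.example-av.test
"""

if __name__ == "__main__":
    for name, ip, kind in find_hijacks(SAMPLE_HOSTS):
        print(f"{kind:8s} {name} -> {ip}")
```

On a live Windows host the input is the contents of %SystemRoot%\System32\drivers\etc\hosts; the function only needs the text, so it can run against a copy pulled from a disk image just as well. A clean workstation hosts file should produce an empty list: any hit at all is worth a look, not just the "redirect" ones.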

  6. #46 AplusWebMaster

    Election result SPAM #2...

    Same (kind of) stuff, same day...

    Election result SPAM malware #2
    - http://securitylabs.websense.com/con...erts/3230.aspx
    11.05.2008 - "... further activity from malware authors using the news of the U.S. Presidential campaign outcome as bait to attract users into executing malicious executables. So far we have over 25,000 emails through our systems... In a very quick response to the outcome of the U.S. Presidential attacks we have now seen both localized and globalized attacks... Clicking on the link leads the user to a purposely registered domain which advises the user that they need to install the latest version of Adobe Flash player before the video can be viewed. The malicious Web site actually links to a file called 'adobe_flash.exe' with MD5 47C86509A78DC1EDB42F2964BEA86306. This is a Trojan Downloader packed with ASPack. Upon execution, a RootKit is installed on the compromised machine, and data is sent to multiple command and control servers..."

    Also see:
    - http://garwarner.blogspot.com/2008/1...-as-obama.html
    November 05, 2008

    - http://www.f-secure.com/weblog/archives/00001530.html
    November 5, 2008

    - http://sunbeltblog.blogspot.com/2008...l-malware.html
    11.05.2008

    (Screenshots available at all URLs above.)

    Last edited by AplusWebMaster; 2008-11-06 at 00:35.

  7. #47 AplusWebMaster

    Facebook - Koobface worm spreading again

    FYI...

    - http://securitylabs.websense.com/con...erts/3233.aspx
    11.07.2008 - "Websense... has discovered that the Koobface social networking worm is again spreading on Facebook... email reveals that infected user accounts are being used to post messages to Facebook friends lists. The content was an enticing message with a link that used a Facebook open redirector. When recipients click the link, they are automatically redirected multiple times, finally reaching a site masquerading as YouTube that serves a malicious Trojan downloader..."

    (Screenshots available at the URL above.)

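The Koobface lure works because the link really does point at facebook.com: a Facebook open redirector bounces the click through several hops to the fake YouTube page, so a reputation check on the visible host passes. The classifier below is an added example (not Websense's or Facebook's code) of the check a mail or web filter should apply instead: a link on a trusted host is still treated as leaving the site if any query parameter carries an absolute URL (after one level of %-decoding, and including scheme-relative //host forms) whose host is not a real subdomain of the trusted domain. The alert does not name the redirector, so the parameter names (u, next) and the sample links are assumptions constructed for the example.

```python
from urllib.parse import urlsplit, parse_qs, unquote

# Assumed for the example: the domain the lure link claims to belong to.
TRUSTED_DOMAINS = {"facebook.com"}


def host_of(url):
    return (urlsplit(url).hostname or "").lower()


def is_trusted(host):
    # exact match or a real subdomain; "www.facebook.com.evil.test" must not pass
    return any(host == d or host.endswith("." + d) for d in TRUSTED_DOMAINS)


def embedded_targets(url):
    """Return (param, absolute_url) for every query value that is itself a URL."""
    found = []
    for key, values in parse_qs(urlsplit(url).query, keep_blank_values=True).items():
        for value in values:
            cand = unquote(value).strip()   # catch doubly-encoded targets too
            if cand.startswith("//"):       # scheme-relative still leaves the site
                cand = "http:" + cand
            if cand.lower().startswith(("http://", "https://")):
                found.append((key, cand))
    return found


def classify_link(url):
    """Return (verdict, detail): verdict is "offsite", "onsite" or "open-redirect".

    detail is the link host for offsite/onsite and the first external
    redirect target for open-redirect.
    """
    host = host_of(url)
    if not is_trusted(host):
        return ("offsite", host)
    for _param, target in embedded_targets(url):
        if not is_trusted(host_of(target)):
            return ("open-redirect", target)
    return ("onsite", host)


# Constructed sample links; parameter names are assumptions, not Facebook's redirector.
SAMPLE_LINKS = [
    "http://www.facebook.com/profile.php?id=12345",
    "http://www.facebook.com/redir?next=http%3A%2F%2Fwww.facebook.com%2Fhome.php",
    "http://www.facebook.com/redir?u=http%3A%2F%2Fvideo.example.test%2Fwatch%3Fv%3D1",
    "http://www.facebook.com/redir?u=//video.example.test/",
    "http://www.facebook.com/redir?u=http://www.facebook.com.evil.test/x",
    "http://video.example.test/watch",
]

if __name__ == "__main__":
    for link in SAMPLE_LINKS:
        print(classify_link(link), link)
```

The verdict to act on is "open-redirect": the host is trusted but the click will not end there. The example only inspects the link; in the campaign described the target itself redirects several more times, so a gateway that follows links should apply the same test to every hop, not just the first.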

  8. #48 AplusWebMaster

    SPAM from ‘US Treasury’ ...redirects to malicious sites

    FYI...

    SPAM from ‘US Treasury’ ...redirects to malicious sites
    - http://blog.trendmicro.com/us-treasu...licious-sites/
    November 9, 2008 | 11:52 pm - "Spammed email messages -supposedly- from The United States Federal Reserve Bank warn their recipients of a “large-scaled phishing attack” affecting several banks and credit unions... The email message gives details on the supposed phishing attack and adds that the US Treasury Department has also monitored a high level of illegal wire transfers. Having told recipients that, the email message then informs them of restrictions imposed on federal wire transfers as part of security measures being taken by concerned government agencies. The message helpfully gives some links where users can get more detailed information. But instead of being directed to a legitimate website, those who click are led to .org domains with names completely different from the websites of the Federal Reserve Bank, the Treasury Department, or the Federal Deposit Insurance Corporation... Other related attacks that use the names of legitimate government organizations or mask themselves as security measures include the following:
    * ‘Treasury Optimizer’ Updates Systems With Malware
    * Storm Goes Economic
    * Fake IRS Web Sites Found (Again)
    Users are advised to refrain from clicking links in unsolicited email messages. It is best to go directly to the website of the concerned organization for more information..."

    (Screenshot available at the URL above.)


  9. #49 AplusWebMaster

    SPAM - huge drops with McColo demise

    FYI...

    SPAM - huge drops with McColo demise...
    - http://marshal.com/trace/traceitem.asp?article=815
    November 13, 2008 - "Yesterday, McColo Corp, the company responsible for hosting the control servers for several of the biggest spam botnets was taken offline*. Srizbi, Rustock, Mega-D and Pushdo botnets, as well as several others, all had control servers hosted on McColo’s network. Last week these four botnets accounted for over 80 percent of all spam. In addition to botnet control servers, McColo was also known to host malicious software, fake antivirus and child pornography websites... Today, spam has significantly decreased and three of the major botnets, Mega-D, Srizbi and Rustock have almost completely stopped sending spam. Our daily spam volume index showed a massive drop over the last two days... We do not expect this drop in spam to continue for long; often the people or groups responsible for the malicious activity simply move to a new host and continue as normal. Nevertheless, such a dramatic decline in spam, however short-lived, is good news indeed and represents another blow for the cyber criminals."
    * http://asert.arbornetworks.com/2008/...s-mccolo-gone/
    November 12, 2008

    > http://hostexploit.com/downloads/Hos...2.0%201108.pdf

    - http://blog.trendmicro.com/spam-volu...lug-on-mccolo/
    Nov. 15, 2008 - "...This small victory will most likely be short-lived, as it is almost certain that these obviously profitable criminal operations are too valuable for these criminal operations to be abandoned..."

    Last edited by AplusWebMaster; 2008-11-15 at 15:32.

  10. #50 AplusWebMaster

    PayPal SPAM warns of fraud - installs Worm instead

    FYI...

    - http://blog.trendmicro.com/paypal-sp...-worm-instead/
    Nov. 18, 2008 - "A new fake PayPal email message is being spammed — this time, it is not the typical PayPal phishing email that everyone is accustomed to. Instead of including links asking for the recipient’s personal information, this spammed message asks users to open a .ZIP attachment... It informs recipients that their PayPal accounts were hacked, and that some fraudulent activity may have occurred. As part of security measures, “PayPal” is asking users to review the “report” in the .ZIP file and then contact the company if anything unusual is discovered. The attachment that arrives with this spam, however, does not contain a report or any similar information. Inside the .ZIP archive is a worm that infects the recipient’s computer upon execution..."

    (Screenshots available at the URL above.)

