Thread: SPAM frauds, fakes, and other MALWARE deliveries - archive

  1. #511
    AplusWebMaster (Adviser Team)
    Join Date: Oct 2005
    Location: USA
    Posts: 6,881

    Webinjects - underground market

    FYI...

    Webinjects - underground market
    - http://www.trusteer.com/blog/webinje...rground-market
    November 02, 2011 - "... cybercriminals have been busy developing webinjects for Zeus and Spyeye to orchestrate and develop malevolent attacks against certain brands. Webinjects are malware configuration directives that are used to inject rogue content in the web pages of bank websites to steal confidential information from the institution’s customers... Trusteer’s research team has discovered that these webinjects are being offered for sale on many open internet forums... developers are earning a decent income from selling the Zeus/Spyeye webinjects service to an increasingly diverse customer base... the developers have gone to the trouble of obfuscating the Zeus/Spyeye webinjects, not because they want to confuse malware researchers, but to try and prevent piracy of their software... webinjects can’t be modified by the 'customer', if they need localization for a specific country and language, this can only be carried out by the developers... for a price... resale is rife. Those that have purchased a copy of webinject are openly -reselling- their version to anyone wanting to steal the same information from victims... From the advertisements we’ve seen there are multiple targets, including British, Canadian, American, and German banks..."
    (More detail at the trusteer URL above.)

    - http://www.abuse.ch/?p=2986
    December 21, 2010 - "... the Bozvanovna botnet is also using so-called Webinjects to phish credentials and steal money from the victims online bank account..."

    The machine has no brain.
    ......... Use your own.
    Browser check for updates here.
    YOU need to defend against -all- vulnerabilities.
    Hacks only need to find -1- to get in...
    .

  2. #512
    AplusWebMaster

    MIT server hijacked... used by hacks to compromise other websites

    FYI...

    MIT server hijacked - used by hacks to compromise other websites
    - https://www.computerworld.com/s/arti...ttack_campaign
    November 3, 2011 - "A server belonging to the Massachusetts Institute of Technology was commandeered by hackers who used it to launch attacks against other websites as part of a larger drive-by download campaign, according to antivirus vendor BitDefender*... The rogue script hosted on the MIT server searched for vulnerable installations of phpMyAdmin, a popular Web-based database administration tool. When the script finds a server with phpMyAdmin version 2.5.6 through 2.8.2, it exploits a vulnerability in the application and injects malicious code into the underlying databases. This attack campaign started in June and resulted in over 100,000 compromised websites so far... The company's researchers believe that the attacks are related to the Blackhole Exploit Pack, one of the most popular drive-by download toolkits currently used by cybercriminals. Users visiting websites compromised in this campaign will be redirected to exploits for vulnerabilities in Java and other browser plug-ins, which try to install malware on their computers... As far as the BitDefender researchers could tell, the server is still online, but no longer attacking websites... The fact that these servers have considerable resources and bandwidth at their disposal is also appealing to cybercriminals and could cause problems for less powerful systems that find themselves attacked. The denial-of-service effect on the smaller systems can be easily mitigated by filtering traffic from the offending IP addresses. However, most of the time hackers don't care if that happens because they use a hit-and-run approach... Webmasters are advised to remove old applications from their servers or keep them updated even if they are only rarely used. They should also review the server logs regularly for unusual requests that could be an indication of an attack in progress. Drive-by download toolkits like Blackhole continue to be popular with cybercriminals because a large number of users do a poor job of keeping their operating systems, browsers and other Internet-facing software up to date."
    * http://www.malwarecity.com/blog/hack...-dos-1199.html
    2 November 2011


  3. #513
    AplusWebMaster

    5-M new malware samples... Q3 2011

    FYI...

    5 million new malware samples - Q3 2011
    - http://pandalabs.pandasecurity.com/p...eport-q3-2011/
    Nov 3 - PandaLabs Report – Q3 2011 - "... PandaLabs Report Q3 11 is out... In this quarter 5 million new malware samples have been created and the record of new Trojans has been broken, as it is the preferred category for cybercriminals to carry out their theft of information... The highlight of this third quarter is the record set in the creation of new Trojan samples. 3 out of 4 new malware samples created by cybercriminals are Trojans and this is just another proof that they are focused on stealing users' information."
    * http://press.pandasecurity.com/wp-co...rt-Q3-2011.pdf
    PDF file 2.9MB - 18 pgs.


  4. #514
    AplusWebMaster

    Pirate Bay - malware for Macs...

    FYI...

    Pirate Bay - malware for Macs
    - http://www.f-secure.com/weblog/archives/00002265.html
    November 4, 2011 - "We recently analyzed DevilRobber.A, a Mac OS X malware that has both backdoor and trojan-like capabilities. All the samples we've collected so far were from torrents uploaded by a single user account on The Pirate Bay website... The files shared were legitimate Mac applications, but modified to include the malware's components... the malware author had varying purposes for each of his creations. One variant steals the Keychain of the infected machine and logs the number of files on the system... Graham Cluley* speculates may be referring to "pre-teen hardcore pornography". It appears as though the malware author is trying to find illegal child abuse materials, by spotting which infected machine has the most pornography and using its credentials to gain access to the materials. Other variants install applications related to Bitcoin mining. These applications use both the CPU and GPU computational power of the infected machines, which improves the mining operations at the computer owner's expense... all the variants we've seen log the number of files that match a certain set of criteria, and also steal the Terminal command history and Bitcoin wallet. All variants also perform the following:
    • Opens a port where it listens for commands from a remote user.
    • Installs a web proxy which can be used by remote users as a staging point for other attacks.
    • Steals information from the infected machine and uploads the details to an FTP server for later retrieval..."
    * http://nakedsecurity.sophos.com/2011...itcoin-mining/


  5. #515
    AplusWebMaster

    Phone scam targets PC users with phony virus reports

    FYI...

    Phone scam targets PC users with phony virus reports
    - http://www.zdnet.com/blog/bott/phone...s-reports/4198
    Updated 7-November with additional details - "Online con artists are targeting PC users worldwide in a brazen scam. It starts with a phone call from a “tech support specialist” who warns that your computer is infected with a virus. To fix things, all you have to do is give the caller remote access to your PC... it starts with a phone call from someone who claims to be affiliated with Microsoft or another legitimate company or government agency. The caller then asks for the primary computer user in the house, who is told: “Your computer has downloaded a virus.” And, of course, the caller is ready and willing to fix the problem. All you have to do is navigate to a web site, click a link to install some remote-control software, and allow the “technician” to get to work. [NOT] The perps are using legitimate remote-assistance software, like the Ammyy Admin program from Ammyy Software Development, which posted a warning* that included some reports the company has received from scam victims..."
    (More details at the zdnet URL above.)
    * http://www.ammyy.com/en/admin_mu.html
    ___

    - https://www.trusteer.com/blog/apply-...urself-offline
    November 08, 2011

    Last edited by AplusWebMaster; 2011-11-08 at 22:30.

  6. #516
    AplusWebMaster

    Fake USPS e-mail w/PDF malware...

    FYI...

    Fake USPS e-mail w/PDF malware...
    - http://sunbeltblog.blogspot.com/2011...in-season.html
    November 10, 2011 - "... an email purporting to have come from a legitimate company with an attached Adobe .PDF file claiming that it's either a receipt, a document, or a ticket. Claims of what the attachment is supposed to be vary, but what remains consistent is that the email always instructs recipients to open it and / or save it on their computer... seeing an uptick of this particular campaign, which poses as a message from the United States Postal Service (USPS) and bears the subject "Package is was not able to be delivered please print out the attached label"... When executed, it connects to the IP address, 91(dot)221(dot)98(dot)29, and downloads the file named step.exe, which is a variant of FakeSysDef, a rogue malware. It also checks on the following websites, all of which are from Russia:
    followmego12(dot)ru
    hidemyfass87111(dot)ru
    losokorot7621(dot)ru
    mamtumbochka766(dot)ru ...
    ... we detect this malware as Trojan.Win32.Generic!BT. As always, steer clear from these kinds of emails..."

    Fake USPS Package Delivery Notification E-mail Messages...
    - http://tools.cisco.com/security/cent...?alertId=24212
    November 10, 2011 - "... The text in the e-mail message attempts to convince the recipient to open the attachment and view the details. However, the .zip attachment contains a malicious .exe file that, when executed, attempts to infect the system with malicious code..."

    Last edited by AplusWebMaster; 2011-11-12 at 16:20.

  7. #517
    AplusWebMaster

    73,000 daily malware threats created...

    FYI...

    73,000 daily malware threats created...
    - https://www.computerworld.com/s/arti..._based_malware
    November 11, 2011 - "... CI uses the Internet "community" - users of Panda's free CloudAntivirus, along with other companies and collaborators - to locate malware... ranging from viruses to worms, Trojans, spyware and other attacks. CI now has a database of more than 25 terabytes of cloud-based classification data... According to Panda, a third of all the malware in existence was created in the first 10 months of 2010. The average number of threats created daily rose from 55,000 in 2009 to 63,000 in 2010 to 73,000 this year..."
    > http://dashboard.csoonline.com/

    - http://www.av-test.org/en/statistics/malware/


  8. #518
    AplusWebMaster

    Virus Outbreak In Progress...

    FYI...

    Virus Outbreak In Progress
    - http://www.ironport.com/toc/
    November 14, 2011

    - http://tools.cisco.com/security/cent...utbreak.x?i=77

    Fake Secret File Malicious Link E-mail Messages...
    - http://tools.cisco.com/security/cent...?alertId=24569
    Fake Payment Details Spreadsheet E-mail Messages...
    - http://tools.cisco.com/security/cent...?alertId=24566
    Fake Royal Mail Service Delivery Failure E-mail Messages...
    - http://tools.cisco.com/security/cent...?alertId=24264
    ___

    Global Attacks
    - http://atlas.arbor.net/summary/attacks#sources
    Summary Report - (Past 24 hours)
    "... by Country... by ASN..."

    1. http://www.google.com/safebrowsing/d...c?site=AS:4134

    2. http://www.google.com/safebrowsing/d...c?site=AS:4812

    3. http://www.google.com/safebrowsing/d...c?site=AS:4837

    Last edited by AplusWebMaster; 2011-11-14 at 17:36.

  9. #519
    AplusWebMaster

    Htaccess redirection - malware...

    FYI...

    Htaccess redirection - malware ...
    - http://blog.sucuri.net/2011/11/htacc...o-dot-com.html
    November 14, 2011 - "Since last week we started to see a large increase in the number of sites compromised with a .htaccess redirection to hxxp ://sweepstakesandcontestsinfo .com/ nl-in .php?nnn=555. This domain has been used to distribute malware for a while (generally through javascript injections), but only in the last few days have we started to see it being done via .htaccess... anyone that visits the compromised sites from a search engine will get redirected (and sometimes have their personal computer compromised). This is what happens on the browser of the visitor:
    • Visits compromised site by clicking from a search engine
    • Browser is redirected to sweepstakesandcontestsinfo.com/nl-in.php?nnn=555 (and variations)
    • Browser is redirected to hxxp ://www4.personaltr-scaner.rr.nu/?gue5mx=i%2BrOmaqtppWomd%2FXxa.. (or www3 .bustdy .in or www3 .strongdefenseiz .in and variations)
    • Browser is again redirected to hxxp ://rdr.cz.cc/ go.php?6&uid=7&isRedirected=1 (and other domains)
    From there, it can be sent to online surveys
    (hxxp ://www.nic.cz.cc/redir2/?hxxp ://surveyfinde.com/d/local-job-listings .net), malware web sites, fake search engines and anywhere the attackers decide.
    >> If your site is compromised, check your .htaccess to see if it was modified. If you are not sure, run a scan on your site here:
    - http://sitecheck.sucuri.net
    ... we are seeing it being used in combination with timthumb.php attacks and on outdated Joomla/WordPress sites. So you have to make sure all of them are updated to avoid getting reinfected. *Also, the site is -not- blacklisted by Google (or in any major blacklist)..."
    ? - http://forums.spybot.info/showpost.p...2&postcount=91
    ____

    Bash commands to detect script injections and malware
    - http://www.malwaredomains.com/wordpress/?p=2184
    November 14th, 2011 - "This was posted a while ago on stopbadware and it’s too good not to repost… The first one will find any javascript file that contains the string “eval(unescape” which is the most common way of injecting malicious code. The second is a similar method for PHP files (source*)... If you run a CMS, making this a “cron” script to run on a regular interval may not be a bad idea* .. (Note: Linux only… If anyone is running the equivalent commands on windows, please let us know)... [In addition to using a “sitecheck” service like sucuri...]"

    * https://badwarebusters.org/stories/show/20712
    "Not so long ago my site and other domains hosted on my server were injected with malware PHP scripts that caused all sorts of damage, including amending javascript files to display ads to people who visited my sites. The scripts also self-replicated, and accepted commands from an external source to run on my server. These 2 bash commands saved my life and I would like to share them with the world. The first one will find any javascript file that contains the string “eval(unescape” which is the most common way of injecting malicious code. The second is a similar method for PHP files.
    find . -name '*.js' -print0 | xargs -0 grep -l 'eval(unescape'
    find . -name '*.php' -print0 | xargs -0 grep -l 'eval(base64_decode'
    Seek and destroy!"

    Last edited by AplusWebMaster; 2011-11-15 at 06:13.
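A worked version of the two checks described in the post above (the eval(unescape / eval(base64_decode greps from badwarebusters and the .htaccess check from the sucuri write-up), as an added example that is not code from the forum post or from either linked site. It builds a constructed sample web root so it runs offline; the referrer-based RewriteCond/RewriteRule pair and the redirect.invalid host are assumptions about what a search-engine redirect in .htaccess looks like, since the post does not show the actual rule.

```shell
#!/bin/sh
# Added example (not from the forum post or the linked sites): scan a web root
# for the two injection signatures named in the post and for an .htaccess that
# redirects visitors arriving from a search engine.

# Build a constructed sample tree. The "injected" files only contain inert
# strings that mimic the signatures; nothing in them is executed.
make_sample_root() {
  root=$(mktemp -d)
  mkdir -p "$root/site/js" "$root/site/inc"
  printf 'function f(){return 1;}\n' > "$root/site/js/clean.js"
  printf 'eval(unescape("%%61%%6c"));\n' > "$root/site/js/injected.js"          # constructed
  printf '<?php echo "ok"; ?>\n' > "$root/site/inc/clean.php"
  printf '<?php eval(base64_decode("Zm9v")); ?>\n' > "$root/site/inc/injected.php"  # constructed
  # Assumed shape of a search-engine redirect rule; redirect.invalid is a placeholder.
  cat > "$root/site/.htaccess" <<'EOF'
RewriteEngine On
RewriteCond %{HTTP_REFERER} (google|yahoo|bing)\. [NC]
RewriteRule ^(.*)$ http://redirect.invalid/ [R=302,L]
EOF
  printf '%s\n' "$root"
}

# Print one path per suspicious file. -print0/-0 keeps paths containing spaces
# intact; grep -l prints only matching file names; "|| true" keeps a search
# with no hits from aborting a script run under set -e.
scan_webroot() {
  dir=$1
  find "$dir" -name '*.js' -print0 | xargs -0 grep -l 'eval(unescape' 2>/dev/null || true
  find "$dir" -name '*.php' -print0 | xargs -0 grep -l 'eval(base64_decode' 2>/dev/null || true
  # .htaccess rewrite keyed on a search-engine referrer (the pattern the sucuri
  # post describes); -i makes the match case-insensitive, -E enables (a|b).
  find "$dir" -name '.htaccess' -print0 \
    | xargs -0 grep -ilE 'RewriteCond.*HTTP_REFERER.*(google|yahoo|bing)' 2>/dev/null || true
}

# Number of suspicious files found under a directory.
count_hits() {
  scan_webroot "$1" | wc -l | tr -d ' '
}

# Stand-alone demo: scan the constructed tree, then clean up.
if [ -z "${SKIP_DEMO:-}" ]; then
  demo_root=$(make_sample_root)
  scan_webroot "$demo_root"
  rm -rf "$demo_root"
fi
```

Point scan_webroot at a real document root (or call it from a cron job, as the malwaredomains post suggests) and review each reported file by hand; a hit is a lead, not proof of compromise, since legitimate minified scripts occasionally use eval(unescape.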

  10. #520
    AplusWebMaster

    2011-Q3 Security threat report...

    FYI...

    2011-Q3 Security threat report - Trend Micro
    - http://blog.trendmicro.com/microsoft...ectors-for-q3/
    Nov. 15, 2011 - "... Google replaced Microsoft as the software vendor with the greatest number of reported vulnerabilities for the quarter - 82. This is due to the increasing number of vulnerabilities found in Chrome, which continues to grow in popularity. Oracle came in second place, with 63 vulnerabilities, while Microsoft fell to third place with 58 vulnerabilities. Furthermore, the United States, which normally takes the top spot in the list of spam-sending countries dropped out of the top 10 list and was replaced by India and South Korea... researchers also witnessed a significant shift in terms of cybercriminal attack targets. The attacks have changed from being massive in nature - those aimed at affecting as many users as possible, to targeted, particularly those against large enterprises and government institutions... trends seen during the third quarter are already taking place halfway into the fourth quarter, with the addition of attacks leveraging the holidays. Attackers will further hone their attacks to target specific entities and will continue leveraging mobile platforms and social media..."
    (More detail available at the trendmicro URL above - the complete report [PDF] here*)
    * http://us.trendmicro.com/imperia/md/...at_roundup.pdf

    Last edited by AplusWebMaster; 2011-11-16 at 14:14.
