
Thread: SPAM frauds, fakes, and other MALWARE deliveries - archive

  1. #571
    AplusWebMaster (Adviser Team)
    Join Date: Oct 2005
    Location: USA
    Posts: 6,881

    Greyware fog ...

    FYI...

    Greyware fog ...
    - https://www.securityweek.com/fog-greyware
    Feb 13, 2012 - "... it was more than a little bit surprising when we observed downloads from Download.com behaving like spyware... Download.com had begun delivering freeware downloads in a wrapper that enticed users to click during the install in order to receive special offers and deals... When a user clicked on this option, the application took several steps that lowered the security of the user’s system, such as making changes to the security settings in the browser, changing proxy settings and also installed a service that leaked user information over HTTP POSTs. As it turns out, Download.com was under new management and had then intentionally developed this wrapper with those functions as a method to collect shopping data from their users. This led to a miniature scandal as antivirus vendors began rightly classifying the code as spyware, and Download.com then quickly reversed course. However, this is an example of a very broad problem... there are tons of applications and code out there that are not overtly malicious, yet do very spyware-like things without the user’s knowledge. Changes to security settings, browser settings, listening on backdoor ports, changing personal firewall settings. This is dangerous because it is -unlikely- that this type of behavior is going to be flagged as malicious, and yet it is materially reducing the security posture of the client machine. These things don’t compromise the host directly, but it certainly softens up the target for more malicious code or attackers... we will need the ability to quickly determine which sorts of downloads and applets are safe for users to download in just the same way we are safely enabling applications today, applications such as webmail, SharePoint and other collaborative apps. Anything that affects the security posture of the client or the network needs to be seen by IT, and IT needs the policies in place that clearly define what sorts of behavior are allowed and which are not.
The lesson here is that until we gain a credible level of control here in the grey end of the spectrum, we are simply trusting the Internet to provide reasonably safe code that doesn’t endanger users..."

    The machine has no brain.
    ......... Use your own.
    Browser check for updates here.
    YOU need to defend against -all- vulnerabilities.
    Hacks only need to find -1- to get in...
    .

  2. #572
    AplusWebMaster

    Fake AICPA e-mail - Blackholes and Rootkits ...

    FYI...

    Fake AICPA e-mail - Blackholes and Rootkits ...
    - http://www.gfi.com/blog/fake-aicpa-m...-and-rootkits/
    Feb 20, 2012 - "Be wary of emails claiming to be from AICPA – as per their alert here*, these are not real and any mention of “unlawful tax return fraud” is just a -bait- to convince the end-user to open up a malicious attachment (in this case, a .doc file** although there are rogue PDF files in circulation too). As with many of the malicious spam campaigns doing the rounds at the moment, this one will use the Blackhole exploit kit to serve up zbot from multiple compromised domains. Worse, a Sakura kit (typical example here***) will download Sirefef / ZeroAccess, which as we’ve seen elsewhere**** is not a good thing to have on your system. One of the more unpleasant spam campaigns we’ve seen recently."

    * http://www.aicpa.org/News/FeaturedNe...ent-email.aspx
    Feb 17, 2012

    ** http://www.gfi.com/blog/wp-content/u...ploitmails.jpg

    *** http://xylibox.blogspot.com/2012/01/...t-pack-10.html

    **** http://www.cio.com/article/691811/Bi...Remove_Rootkit


  3. #573
    AplusWebMaster

    ASERT: Threat Briefing - 2012.02.21...

    FYI...

    ASERT Security Intelligence: Threat Briefings
    - http://atlas.arbor.net/briefs/ - 2012.02.21
    "Summary: A variety of security patches are released for Cisco NX-OS, Adobe Flash Player, and Java. Such third party software is often the vector used by attackers to compromise systems and install malware. Database systems are also compromised and recent data leaks point to the importance of protecting databases with basic security measures and encryption... The threat of a DNS attack on March 31st* may not be as deadly as it seems, and the trend of users bringing their own devices to work can pose grave risks to security."

    * https://en.wikipedia.org/wiki/Distri..._Blackout_2012


  4. #574
    AplusWebMaster

    ICS ASLR = FUBAR ...

    FYI...

    TL;DR: ICS ASLR = FUBAR ...
    - http://h-online.com/-1440759
    22 Feb 2012 - "Jon Oberheide has found the ASLR (Address Space Layout Randomisation) in Google's Android 4, Ice Cream Sandwich (ICS), somewhat wanting. In a detailed posting on the Duo Security blog*, one commenter eloquently concluded that "TL;DR: ICS ASLR = FUBAR". Specifically, he found that the lack of randomisation in executable and linker memory regions meant that it would be "largely ineffective for mitigating real-world attacks"... The Android Security Team responded to Oberheide's posting noting that they will, in 4.0.3, randomise the heap and future Android releases will randomise the linker and executable mappings."
    * http://blog.duosecurity.com/2012/02/...-sandwich-4-0/

    > https://en.wikipedia.org/wiki/Androi...Cream_Sandwich

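    As an added example (not code from the Duo Security post, the h-online article or the Android project), the Python check below compares /proc/<pid>/maps snapshots from several launches of the same process and reports which mapping regions actually moved between runs and which stayed at a fixed address; the three snapshots are constructed to mirror the behaviour the post describes (executable, linker and heap fixed; libraries and stack randomised), not captured from a device.

```python
import re
from collections import defaultdict

# One /proc/<pid>/maps line: start-end perms offset dev inode [pathname]
_MAPS_RE = re.compile(
    r"^([0-9a-f]+)-([0-9a-f]+)\s+(\S+)\s+([0-9a-f]+)\s+(\S+)\s+(\d+)\s*(.*)$"
)

def parse_maps(text):
    """Return {region name: lowest start address} for one maps snapshot."""
    bases = {}
    for line in text.strip().splitlines():
        m = _MAPS_RE.match(line.strip())
        if not m:
            continue
        start = int(m.group(1), 16)
        name = m.group(7).strip() or "[anon]"   # unnamed mappings grouped
        bases[name] = min(start, bases.get(name, start))
    return bases

def aslr_report(snapshots):
    """Map each region name to the set of base addresses seen across runs.
    A set of size 1 means the region landed at the same address every time."""
    seen = defaultdict(set)
    for snap in snapshots:
        for name, base in parse_maps(snap).items():
            seen[name].add(base)
    return dict(seen)

def unrandomised_regions(snapshots):
    """Names of regions whose base address never moved between runs."""
    return sorted(n for n, b in aslr_report(snapshots).items() if len(b) == 1)

# Constructed snapshots (illustrative addresses, not from a real device) of
# three launches of the same process: executable, linker and heap fixed,
# shared library and stack randomised.
RUN1 = """\
00008000-00009000 r-xp 00000000 b3:0c 100 /system/bin/app_process
00010000-00011000 rw-p 00000000 b3:0c 100 /system/bin/app_process
00011000-00021000 rw-p 00000000 00:00 0 [heap]
40100000-40140000 r-xp 00000000 b3:0c 200 /system/lib/libc.so
b0001000-b0009000 r-xp 00001000 b3:0c 300 /system/bin/linker
bec3a000-bec5b000 rw-p 00000000 00:00 0 [stack]
"""
RUN2 = RUN1.replace("40100000-40140000", "40233000-40273000").replace(
    "bec3a000-bec5b000", "beb12000-beb33000")
RUN3 = RUN1.replace("40100000-40140000", "401e7000-40227000").replace(
    "bec3a000-bec5b000", "bed90000-bedb1000")

if __name__ == "__main__":
    for name, bases in sorted(aslr_report([RUN1, RUN2, RUN3]).items()):
        status = "FIXED" if len(bases) == 1 else "randomised"
        print(f"{name:28s} {status:10s} {[hex(b) for b in sorted(bases)]}")
```

    On a real device, feed it the text of /proc/<pid>/maps from each fresh launch of the process you want to assess; any region reported FIXED is one an attacker would not need an information leak to locate.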

  5. #575
    AplusWebMaster

    McAfee Q4 Threats Report

    FYI...

    McAfee Q4 Threats Report...
    - https://blogs.mcafee.com/mcafee-labs...amples-in-2011
    Feb 21, 2012 - "... The overall growth of PC-based malware actually declined throughout Q4 2011, and is significantly lower than Q4 2010. The -cumulative- number of unique malware samples in the collection still exceeds the 75 million mark. In total, both 2011 and the fourth quarter were by far the busiest periods for mobile malware that McAfee has seen yet, with -Android- firmly fixed as the largest target for writers of mobile malware. Contributing to the rise in malware were rootkits, or stealth malware. Though rootkits are some of the most sophisticated classifications of malware, designed to evade detection and “live” on a system for a prolonged period, they showed a slight decline in Q4. Fake AV dropped considerably from Q3, while AutoRun and password-stealing Trojan malware show modest declines. In a sharp contrast to Q2 2011, Mac OS malware has remained at very low levels the last two quarters.
    Web Threats: In the third quarter McAfee Labs recorded an average of 6,500 -new- bad sites per day; this figure shot up to -9,300- sites in Q4. Approximately one in every 400 URLs were malicious on average, and at their highest levels, approximately one in every 200 URLs were -malicious-. This brings the total of active malicious URLs to more than 700,000..."


  6. #576
    AplusWebMaster

    Mac Trojan spreading in-the-wild ...

    FYI...

    Mac Trojan spreading in-the-wild...
    Exploits Java vulns and packs fake certificate
    - http://www.theregister.co.uk/2012/02...ck_mac_trojan/
    24 Feb 2012 - "... a new variant of a Mac-specific password-snatching Trojan horse is spreading in the wild. Flashback-G initially attempts to install itself via one of two Java vulnerabilities. Failing that, the malicious applet displays a self-signed certificate (claiming to be from Apple) in the hope users just install the malware. Once snugly in place, the malware attempts to capture the login credentials users enter on bank websites, PayPal, and many others. OS X Lion did not come with Java preinstalled, but Snow Leopard does, so users of Mac's latest OS are more at risk of attack. Mac security specialist Intego warns that the variant is infecting Mac users and spreading in the wild. Symptoms of infection can include the crashing of browsers and web applications, such as Safari and Skype. Intego, which has added detection for the malware, has a write-up* of the attack with a screenshot of the self-signed certificate used by the malware in action..."
    * http://blog.intego.com/flashback-mac...h-new-variant/
    "... essential that anyone running OS X 10.6 update Java immediately. To do this, run Software Update, from the Apple menu; if you do not have the latest version of Java, an update will be available... Macs are (also) getting infected by the social engineering trick of the bogus certificate purporting to be signed by Apple... If you see this, don’t trust it, and cancel the process..."

    - http://h-online.com/-1442810
    24 Feb 2012 - "... If an up-to-date version of Java is in use, to become infected the user has to approve a certificate clearly marked as not trusted..."

    Last edited by AplusWebMaster; 2012-02-25 at 22:02.

  7. #577
    AplusWebMaster

    Chat-in-the-Middle phishing attack fraud...

    FYI...

    “Chat-in-the-Middle” phishing attack fraud...
    - http://www.trusteer.com/blog/speakin...t-commit-fraud
    Feb 28, 2012 - "Working with a leading financial institution we recently discovered a disturbing new attack against online banking users. It uses a technique we have not seen exhibited before by financial malware... Technically, it writes to you... the attack uses the familiar online customer service tool most of us are familiar with – live chat... The attack is being carried out using the Shylock malware platform... This particular Shylock configuration uses a classic MitB (Man in the Browser) structure with plenty of fake HTML page injections and uses complex external Javascript resources. It specifically targets business/commercial online banking customers. When the victim logs in to the online banking application, the session -stalls- for a few minutes and the user is told that security checks are being performed... This exchange is apparently used to gather more information from the victim. The session may even be used to perform real time fraud by enticing the victim to sign/verify fraudulent transactions that Shylock is initiating in the background... In 2009, RSA* discovered a phishing attack that incorporated live chat... In that attack, the victim was lured to a phishing site where they were presented with a fraudulent chat window. In 2012, apparently, fraudsters have decided to make house calls by extending this capability from phishing web sites and embedding it in malware platforms..."
    * http://blogs.rsa.com/rsafarl/chat-in...-chat-support/


  8. #578
    AplusWebMaster

    Cybercriminals target phones ...

    FYI...

    Cybercriminals target phones - Android 'most exposed'
    - http://news.yahoo.com/cybercriminals...003516512.html
    Feb 28, 2012 AFP - "Cybercriminals are sneaking a fast-increasing amount of malware into smartphones to steal data or even money, with those running on Google's Android most exposed to security threats, analysts said... Anyone can create or install an application on an Android phone... as opposed to the Apple controlled Appstore which imposes a layer of screening... Trend Micro surveyed independent analysts about security features on the four main mobile operating systems - Apple's iOS, RIM's BlackBerry, Microsoft's Windows and Google's Android - and found that Blackberry was ranked most secure and Android the least. BlackBerry benefitted from the fact that it was originally designed more as a platform than a device, while iOS, ranked second most secure, was tightly controlled by Apple... Technology company Juniper Networks compiled a "record number of mobile malware attacks" in 2011, particularly on Android phones. In 2010, just 11,138 mobile malware samples were recorded, but they soared 155 percent to 28,472 in 2011, the company said. Just under half - 46.7 percent - occurred on Android phones, said Juniper, whose study did -not- look into Apple breaches... Some criminals are hiding "malicious code in legitimate applications" that consumers are downloading unwittingly. Once they have gained access to data on the phone, they are stealing information that could be used in identity theft or in illegal transactions. A further incentive for cybercriminals to breach smartphone security is that unlike computers, each phone "has a direct link to money" through the SIM card... Criminals are able, for instance, to implant so-called trojan horses that prompt phones to send SMSes to premium numbers..."


  9. #579
    AplusWebMaster

    Olympic phishing messages

    FYI...

    Olympic phishing messages...
    - http://community.websense.com/blogs/...ames-2012.aspx
    01 Mar 2012 - "... Websense... detected and tracked a significant number of these kinds of Olympic phishing messages whose goal is to entice users to submit their personal information... the well-known "National Lottery"-type scam, where the targeted users are tricked into believing they are winners of some sort of local lottery... Once the user opens the Microsoft Word document, the sender informs the user that he or she is the lucky "winner" of £200,00.00 GBP, and then requests that the user provide personal information, such as full name, address, nationality, occupation, and mobile number to help process the claim... Although this email attachment is not malicious, it is clear that the sender has some other questionable activity in mind by asking for and collecting personal information. This could range from email spam using the victim's email address and mobile phone number to other rogue promotional messages that could potentially have web links leading to malicious websites. Threats like these Olympics scams are also known as advanced-fee fraud in which victims are asked to contact a claims agent. They may then be asked to pay "processing fees" to receive their money, which never happens... This is also a good way to collect, with social engineering techniques, mobile phone numbers and to start other kinds of fraudulent activities like asking for details about mobile banking accounts..."


  10. #580
    AplusWebMaster

    Employees disabling security controls

    FYI...

    Employees disabling security controls
    - https://www.net-security.org/secworld.php?id=12508
    29 Feb 2012 - "Corporate mobile devices and the bring-your-own-device (BYOD) phenomenon are rapidly circumventing enterprise security and policies, say the results of a new global study sponsored by Websense... 77 percent of more than 4,000 respondents in 12 countries agree that the use of mobile devices in the workplace is important to achieving business objectives, but only 39 percent have the necessary security controls to address the risk their use entails. According to a previous Ponemon Institute survey, IT respondents said 63 percent of breaches occurred as a result of mobile devices, and only 28 percent said employee desktop computers were the cause. This latest research shows that organizations often don't know how and what data is leaving their networks through non-secure mobile devices, and that traditional static security solutions are not effective at stopping advanced malware and data theft threats from malicious or negligent insiders... More than 4,600 IT and IT security practitioners in Australia, Brazil, Canada, France, Germany, Hong Kong, India, Italy, Mexico, Singapore, United Kingdom, and the United States were surveyed. With an average of 10 years' experience in the field, fifty-four percent are supervisors (or above) and 42 percent are from organizations with more than 5,000 employees. This survey defines mobile devices as laptops, USB drives, smartphones, and tablets."

