Page 61 of 70 FirstFirst ... 1151575859606162636465 ... LastLast
Results 601 to 610 of 694

Thread: SPAM frauds, fakes, and other MALWARE deliveries - archive

  1. #601
    Adviser Team AplusWebMaster's Avatar
    Join Date
    Oct 2005
    Location
    USA
    Posts
    5,263

    Thumbs down Android "GoldDream" malware server still alive

    FYI...

    Android "GoldDream" malware server still alive
    - http://community.websense.com/blogs/...ill-alive.aspx
    12 Apr 2012 - "Many anti-virus vendors have reported on and dissected the suspicious and malicious Android "GoldDream" malware threat. The C&C server (lebar .gicp. net)... hosts this -malware-... this C&C server is still alive after several months and is still serving users with "GoldDream" malware... Websense... has blocked the malware server sites, out of the 19 vendors listed by VirusTotal*... The malware site mainly targets users in China, masquerading as a normal Android apps distribution site. The site makes use of a fake certificate and registration... information to lure more customers, and is placed at the bottom of the listed app sites in a bid to advertise itself as a good reputation site... We have analyzed all the available free Android apps on the site (23 in total). 18 of these apps contain "GoldDream" malware. These are normal game apps which are re-packaged to include malicious code... We strongly suggest that users refrain from downloading and installing apps from untrusted 3rd party sources..."
    * https://www.virustotal.com/url/d4ea2...cb51/analysis/
    Normalized URL: http ://lebar .gicp .net/
    Detection ratio: 1/25
    Analysis date: 2012-04-12 09:32:49 UTC
    ___

    - http://google.com/safebrowsing/diagn...site=gicp.net/
    "... 222 page(s) resulted in malicious software being downloaded and installed without user consent. The last time Google visited this site was on 2012-04-12, and the last time suspicious content was found on this site was on 2012-04-12. Malicious software includes 206 scripting exploit(s), 121 exploit(s), 30 trojan(s). Successful infection resulted in an average of 2 new process(es) on the target machine. Malicious software is hosted on 90 domain(s)... 92 domain(s) appear to be functioning as intermediaries for distributing malware to visitors of this site... This site was hosted on 15 network(s) including AS32475 (SINGLEHOP), AS4134 (China Telecom backbone), AS4837 (CNC)... Over the past 90 days, gicp.net appeared to function as an intermediary for the infection of 13 site(s)... It infected 9 domain(s)..."

    - http://centralops.net/co/DomainDossier.aspx
    ... canonical name - gicp .net
    aliases
    addresses 74.82.185.218

    Recommended add to BLACKLIST

    Last edited by AplusWebMaster; 2012-04-12 at 17:34.
    This machine has no brain.
    ....... Use your own.
    Browser check for updates here.
    YOU need to defend against -all- vulnerabilities.
    Hacks only need to find -1- to get in...
    .

  2. #602
    Adviser Team AplusWebMaster's Avatar
    Join Date
    Oct 2005
    Location
    USA
    Posts
    5,263

    Thumbs down Ransomware - multiple types/discoveries

    FYI...

    Ransomware - multiple types/discoveries

    1) http://blog.trendmicro.com/ransomwar...s-mbr-hostage/
    Apr 12, 2012 - "We have encountered a ransomware unlike other variants that we have seen previously. A typical ransomware encrypts files or restricts user access to the infected system. However, we found that this particular variant infects the Master Boot Record (MBR), preventing the operating system from loading. Based on our analysis, this malware copies the original MBR and overwrites it with its own malicious code. Right after performing this routine, it automatically restarts the system for the infection take effect..."
    (More detail at trendmicro URL above.)

    2) https://www.f-secure.com/weblog/archives/00002347.html
    April 12, 2012 - "We are receiving reports of a ransom trojan, it's been circulating during the last two days. When first run on the system, the ransomware will iterate all folders on the system. Every document, image, and shortcut (.lnk) file found will be encrypted and appended with an extension of .EnCiPhErEd. In each folder it will drop a text file called "HOW TO DECRYPT.TXT" which contains instructions on how to proceed. The bandit is demanding 50€. It drops a copy of itself in the system's temp folder with a random name. It creates registry entries to associate the .EnCiPhErEd extension with itself, so that the temp folder copy will be launched whenever those files are run, in order to demand the decryption password. After five attempts it will no longer accept passwords. And it then deletes itself, leaving your data encrypted. Our threat hunters think that the source of this ransomware may be from inserted malicious tags in sites, particularly in forums..."
    (More detail at f-secure URL above.)

    This machine has no brain.
    ....... Use your own.
    Browser check for updates here.
    YOU need to defend against -all- vulnerabilities.
    Hacks only need to find -1- to get in...
    .

  3. #603
    Adviser Team AplusWebMaster's Avatar
    Join Date
    Oct 2005
    Location
    USA
    Posts
    5,263

    Thumbs down Android malware poses as Angry Birds

    FYI...

    Android malware poses as Angry Birds...
    - http://nakedsecurity.sophos.com/2012...ds-space-game/
    April 12, 2012 - "Android malware authors have seized an opportunity to infect unsuspecting smartphone users with the launch of the latest addition to the immensely popular "Angry Birds" series of games. SophosLabs recently encountered malware-infected editions of the "Angry Birds Space" game which have been placed in -unofficial- Android app stores. Please note: The version of "Angry Birds Space" in the official Android market (recently renamed "Google Play") is *not* affected... With the malware in place, cybercriminals can now send compromised Android devices instructions to download further code or push URLs to be displayed in the smartphone's browser. Effectively, your Android phone is now part of a botnet, under the control of malicious hackers..."

    This machine has no brain.
    ....... Use your own.
    Browser check for updates here.
    YOU need to defend against -all- vulnerabilities.
    Hacks only need to find -1- to get in...
    .

  4. #604
    Adviser Team AplusWebMaster's Avatar
    Join Date
    Oct 2005
    Location
    USA
    Posts
    5,263

    Thumbs down Fake Verizon emails follow fake AT&T emails...

    FYI...

    Fake Verizon emails follow fake AT&T emails ...
    - http://blog.commtouch.com/cafe/web-s...emails-attack/
    April 16, 2012 - "Less than 2 weeks ago we reported* the use of perfectly formatted AT&T Wireless emails that included multiple links to malware infested sites. These have now been followed up with similar emails – but the “carrier” has switched to Verizon Wireless...
    > http://blog.commtouch.com/cafe/wp-co...urce-email.jpg
    ... The Verizon emails also lead to sites hosting malware – although there are far fewer links in the email – and the same compromised site is used repeatedly in each email (in the AT&T attack, up to 9 different sites were used). The same gang appears to be behind both attacks since the link structure is identical:
    <compromised domain>/<8 random numbers and letters>/index.html.
    The same vulnerabilities are once again exploited via the scripts on the sites. The fully functional homepage of the compromised site is shown below."
    > http://blog.commtouch.com/cafe/wp-co...imate-site.jpg

    * http://blog.commtouch.com/cafe/web-s...nk-to-malware/

    This machine has no brain.
    ....... Use your own.
    Browser check for updates here.
    YOU need to defend against -all- vulnerabilities.
    Hacks only need to find -1- to get in...
    .

  5. #605
    Adviser Team AplusWebMaster's Avatar
    Join Date
    Oct 2005
    Location
    USA
    Posts
    5,263

    Thumbs down Trojan pilfers Hotel credit cards...

    FYI...

    Trojan pilfers Hotel credit cards...
    - https://www.trusteer.com/blog/no-res...t-cards-hotels
    April 18, 2012 - "Our intelligence center researchers recently uncovered a fraud “package” being sold in underground forums that uses a remote access Trojan to steal credit card information from a hotel point of sale (PoS) application. This scheme, which is focused on the hospitality industry, illustrates how criminals are planting malware on enterprise machines to collect financial information instead of targeting end users devices. In this particular scenario, a remote access Trojan program is used to infect hotel front desk computers. It then installs spyware that is able to steal credit card and other customer information by capturing screenshots from the PoS application. According the seller, the Trojan is guaranteed not to be detected by anti-virus programs... This fraud package is being offered for $280. The purchase price includes instructions on how to set-up the Trojan. The sellers even offer advice on how to use telephone social engineering techniques via VoIP software to trick front desk managers into installing the Trojan... criminals are increasingly expanding the focus of their attacks from online banking targets to enterprises..."

    Last edited by AplusWebMaster; 2012-04-20 at 03:50.
    This machine has no brain.
    ....... Use your own.
    Browser check for updates here.
    YOU need to defend against -all- vulnerabilities.
    Hacks only need to find -1- to get in...
    .

  6. #606
    Adviser Team AplusWebMaster's Avatar
    Join Date
    Oct 2005
    Location
    USA
    Posts
    5,263

    Thumbs down Fake LinkedIn reminders connect with malware ...

    FYI...

    Fake LinkedIn reminders connect with malware...
    - http://blog.commtouch.com/cafe/email...ith-malware-2/
    April 19th, 2012 - "Phony LinkedIn invitations are not a new phenomenon. What tends to change is the underlying delivery method used for the malware distribution – In this case compromised websites that unknowingly host malicious scripts. The LinkedIn reminders that are included in the attack include several variables such as names, relationships, and the number of messages awaiting response. As usual the giveaway that something strange is occurring is the link...
    > http://blog.commtouch.com/cafe/wp-co...re-email-2.jpg
    Recipients that click on the link reach a rather bland looking “notification” page that provides no further links or instructions...
    > http://blog.commtouch.com/cafe/wp-co...-message-2.jpg
    ... In the background, several scripts seek out software with vulnerabilities that can be exploited including:
    > Adobe reader and Acrobat:
    http://web.nvd.nist.gov/view/vuln/de...=CVE-2010-0188 - 9.3 (HIGH)
    > Microsoft Windows Help and Support Center in Windows XP:
    http://web.nvd.nist.gov/view/vuln/de...=CVE-2010-1885 - 9.3 (HIGH) ..."

    This machine has no brain.
    ....... Use your own.
    Browser check for updates here.
    YOU need to defend against -all- vulnerabilities.
    Hacks only need to find -1- to get in...
    .

  7. #607
    Adviser Team AplusWebMaster's Avatar
    Join Date
    Oct 2005
    Location
    USA
    Posts
    5,263

    Thumbs down Fake Skype encryption software cloaks DarkComet Trojan

    FYI...

    Fake Skype encryption software cloaks DarkComet Trojan
    - http://blog.trendmicro.com/fake-skyp...kcomet-trojan/
    Apr 20, 2012 - "... We discovered a webpage that advertises a software that purports to provide encryption for Skype. This page is hosted in Syria... the same server that acted as a command-and-control (C&C) server for previous attacks. The webpage features an embedded YouTube video that claims to be from “IT Security Lab” and to encrypt voice communications... The downloaded file skype.exe, detected as BKDR_ZAPCHAST.HVN, is actually DarkComet version 3.3.... We were able to redirect the traffic in our test environment to confirm that it is indeed DarkComet... Note that Skype uses AES encryption on calls and instant messages, as well as its video conversations..."

    This machine has no brain.
    ....... Use your own.
    Browser check for updates here.
    YOU need to defend against -all- vulnerabilities.
    Hacks only need to find -1- to get in...
    .

  8. #608
    Adviser Team AplusWebMaster's Avatar
    Join Date
    Oct 2005
    Location
    USA
    Posts
    5,263

    Thumbs down Bogus Olympics email w/malware

    FYI...

    Bogus Olympics email w/malware
    - http://blog.trendmicro.com/bogus-oly...-with-malware/
    Apr 22, 2012 - "... recently, we found an Olympics scam in the form of a lottery that promises a free travel package to the event. Some online crooks, however, played it differently this time. Instead of the typical Olympic-related scams wherein users supposedly won tickets to the event, this scam arrives as spam disguised as an email advisory... this scam comes in the form of email messages that warn recipients of fake websites and organizations selling tickets to the London Olympics 2012. The mail contains the official logo of the event to possibly deceive users of its legitimacy. Included in the message is an attached .DOC file that lists these bogus ticket sellers. The attachment, however, is actually a malicious file detected by Trend Micro as TROJ_ARTIEF.ZIGS. The malware takes advantage of the RTF Stack Buffer Overflow Vulnerability (CVE-2010-3333) to drop the backdoor BKDR_CYSXL.A. This backdoor may perform several malicious routines that include deleting and creating files and shutting down the infected system... As London Olympics 2012 draws near, we are expecting this type of threats to proliferate. Thus, users should make it a habit to check the legitimacy of -any- message before downloading the attachment or clicking links included in it..."

    This machine has no brain.
    ....... Use your own.
    Browser check for updates here.
    YOU need to defend against -all- vulnerabilities.
    Hacks only need to find -1- to get in...
    .

  9. #609
    Adviser Team AplusWebMaster's Avatar
    Join Date
    Oct 2005
    Location
    USA
    Posts
    5,263

    Thumbs down Facebook emails with malware attachments

    FYI...

    Facebook emails with malware attachments...
    - http://blog.commtouch.com/cafe/email...t-to-me-today/
    April 23rd, 2012 - "A series of emails with malware attachments have been widely distributed in the last few days. The emails alert the recipient about a picture of themselves (or an ex-girlfriend) that has been circulated online. The text from three of the messages is shown below:
    > Sorry to disturb you , – I have a question- have you seen this picture of yours in attachment?? Three facebook friends sent it to me today… why did you put it online? wouldn’t it harm your job? what if parents see it? you must be way cooler than I thought about you man
    > Hi there ,But I really need to ask you – is it you at this picture in attachment? I can’t tell you where I got this picture it doesn’t actually matter…The question is is it really you???.
    > Sorry to disturb you , – I got to show you this picture in attachment. I can’t tell who gave it to me sorry but this chick looks a lot like your ex-gf. But who’s that dude??.

    ... The “image” is attached to the emails for convenience and the filename in all samples was identical: “IMG0962.zip”. The unzipped file displays a PDF icon – which may confuse recipients whose computers do not display file extensions (the extension in this case is .exe)... detected attached malware within seconds of the start of the outbreak... the scale of the attack on Saturday – from 4am (Pacific Time) till 3am on Sunday morning... At its peak the attack averaged around 100,000 messages per second..."

    Last edited by AplusWebMaster; 2012-04-23 at 16:09.
    This machine has no brain.
    ....... Use your own.
    Browser check for updates here.
    YOU need to defend against -all- vulnerabilities.
    Hacks only need to find -1- to get in...
    .

  10. #610
    Adviser Team AplusWebMaster's Avatar
    Join Date
    Oct 2005
    Location
    USA
    Posts
    5,263

    Thumbs down Phishing and malware meet Check Fraud

    FYI...

    Phishing and malware meet Check Fraud
    - https://www.trusteer.com/blog/catch-...et-check-fraud
    April 24, 2012 - "... a SCAM in an underground forum that shows how data obtained through phishing and malware attacks can be used to make one of the oldest forms of fraud – check forging... The scam involves a criminal selling pre-printed checks linked to corporate bank accounts in the USA, UK and China. The criminal is selling falsified bank checks made with specialized printing equipment, ink and paper. For $5 each, he/she will supply checks that use stolen credentials (e.g. bank account) provided by the buyer. However, to purchase checks that use stolen credentials supplied by the counterfeiter the cost is $50 – a tenfold increase. This is a clear indicator that stolen credentials are a key enabler of check fraud. Check data fields include personal information (e.g. name, address and phone) and financial information (e.g. bank account, routing code and check number). To obtain all the required data fraudsters typically need to get their hands on a physical or scanned version of a real check in circulation. Many banking web sites provide access to scanned versions of paid and received checks. Online banking login credentials obtained through malware and phishing attacks can easily be used by fraudsters to access a victim’s account and collect all the required information to commit check fraud. In addition, before using the checks, fraudsters could potentially ensure account balance is sufficient to approve the transaction... Buyers are also encouraged to carry fake identification cards that match the stolen credentials on the check. The check counterfeiter offers to provide these as well. This is the latest example of the how criminals can use malware and phishing techniques to make traditional physical fraud schemes more effective..."

    This machine has no brain.
    ....... Use your own.
    Browser check for updates here.
    YOU need to defend against -all- vulnerabilities.
    Hacks only need to find -1- to get in...
    .

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •