
Thread: SPAM frauds, fakes, and other MALWARE deliveries - archive

  1. #621
    AplusWebMaster (Adviser Team)
    Join Date: Oct 2005
    Location: USA
    Posts: 6,881

    Fake Facebook emails - 2012.05.04...

    FYI...

    Fake Facebook emails...
    - http://msmvps.com/blogs/spywaresucks.../1809472.aspx?
    May 4 2012 - "The pictured emails (below) are not real Facebook emails – look at the URLs that are exposed when you hover your mouse cursor over the “sign in” and “reactivate” links..."

    > http://msmvps.com/cfs-filesystemfile...0_2B858634.png

    > http://msmvps.com/cfs-filesystemfile...0_0F64A17C.png
    ___

    -13- million US Facebook users not using, or oblivious to, privacy controls
    - http://nakedsecurity.sophos.com/2012...vacy-controls/
    May 4, 2012

    - https://www.consumerreports.org/cont...k-privacy.html

    Last edited by AplusWebMaster; 2012-05-04 at 20:27.
    The machine has no brain.
    ......... Use your own.
    Browser check for updates here.
    YOU need to defend against -all- vulnerabilities.
    Hacks only need to find -1- to get in...
    .

  2. #622
    AplusWebMaster

    SPAM - BBB assistance e-mails w/malware...

    FYI...

    SPAM - BBB assistance e-mails w/malware...
    - http://nakedsecurity.sophos.com/2012...strikes-again/
    May 4, 2012 - "Once again, cybercriminals have spammed out emails claiming to come from the Better Business Bureau (BBB), with the intention of infecting Windows computers with malware... widespread malware attack that is being spammed out as an attachment to an email claiming to come from the BBB. The emails vary in their wording, but -all- claim that a consumer has complained about the company receiving the email. The details of the complaint, naturally, are contained inside the attached "BBB Report.zip" file (which, of course, contains malware)..."


  3. #623
    AplusWebMaster

    Badware stats...

    FYI...

    Recent badware stats
    - http://blog.stopbadware.org/2012/04/...badware-stats/
    April 27, 2012 - "... Enterprise users experienced an average of 339 Web malware encounters per month in 4Q11 (205% year over year).
    • Avg. 20,141 unique Web malware hosts per month in 2011 (vs. 14,217 in 2010)...
    • Approx. 30,000 new malicious URLs each day in 2H11; 80% of those are legitimate. 85% of malware comes from the web.
    • Malicious sites up 240 percent in 2011...
    • 40% of malnet entry points are via search engines/portals...
    • 23% of malicious domain registrations could be blocked with basic validation of contact info
    • Rogue AV campaign infected 200,000 Web pages, 30,000 unique hosts... geographically dispersed visitors.
    • On average, -two- popular websites (among the Alexa top 25,000) serve drive-by downloads each -day-. An estimated 1.6 million vulnerable users were exposed to drive-by downloads in one month across 58 popular (Alexa top 25,000) sites."
    (Links to sources available at the stopbadware URL above.)

    Last edited by AplusWebMaster; 2012-05-06 at 20:50.

  4. #624
    AplusWebMaster

    Malware attacks on hotel net surfers ...

    FYI...

    Malware attacks on hotel net surfers...
    - http://www.ic3.gov/media/2012/120508.aspx
    May 8, 2012 - "Recent analysis from the FBI and other government agencies demonstrates that malicious actors are targeting travelers abroad through pop-up windows while establishing an Internet connection in their hotel rooms. Recently, there have been instances of travelers' laptops being infected with malicious software while using hotel Internet connections. In these instances, the traveler was attempting to setup the hotel room Internet connection and was presented with a pop-up window notifying the user to update a widely-used software product. If the user clicked to accept and install the update, malicious software was installed on the laptop. The pop-up window appeared to be offering a routine update to a legitimate software product for which updates are frequently available. The FBI recommends that all government, private industry, and academic personnel who travel abroad take extra caution before updating software products on their hotel Internet connection. Checking the author or digital certificate of any prompted update to see if it corresponds to the software vendor may reveal an attempted attack. The FBI also recommends that travelers perform software updates on laptops immediately before traveling, and that they download software updates directly from the software vendor’s Web site if updates are necessary while abroad..."

    > https://krebsonsecurity.com/2012/05/...cess-bad-idea/
    May 11, 2012 - "... avoid updating software while using hotel or other public Internet connections... There are a number of free attack tools that can be used to spoof software update prompts, and these are especially effective against users on small local networks. Bear in mind that false update prompts don’t have to involve pop-ups..."

    Last edited by AplusWebMaster; 2012-05-11 at 15:20.

  5. #625
    AplusWebMaster

    Bogus emails: Amazon...

    FYI...

    Bogus emails: Amazon.com - Your Cancellation
    - https://isc.sans.edu/diary.html?storyid=13177
    Last Updated: 2012-05-09 17:49:29 UTC - "There are bogus order cancellation emails going around claiming to be from Amazon... copy I received linked to the URL... which contains this is in the body:
    <script type="text/javascript">window.location="http ://leibypharmacylevitra .com";</script> ... It is probably safe to assume that the content of that site is -not- user friendly..."
    (More detail at the ISC URL above.)

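
    The landing page quoted in the post above consists of nothing but a script that sets `window.location`. This is an added example, not part of the original post or the ISC diary: it scans fetched HTML for script-driven navigation and reports whether the target leaves the site and whether the page shows the reader anything else. The sample page, the `.example` hosts and the function names are constructed for illustration.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Matches location = "...", location.href = "...", location.replace("...").
REDIRECT_RE = re.compile(
    r"""\blocation(?:\.href)?\s*(?:=\s*|\.(?:replace|assign)\s*\(\s*)"""
    r"""(["'])(?P<url>.+?)\1""", re.IGNORECASE)


class ScriptText(HTMLParser):
    """Separate inline <script> source from text a reader would see."""
    def __init__(self):
        super().__init__()
        self.in_script = False
        self.scripts, self.visible = [], []

    def handle_starttag(self, tag, attrs):
        self.in_script = tag == "script"

    def handle_endtag(self, tag):
        self.in_script = False

    def handle_data(self, data):
        (self.scripts if self.in_script else self.visible).append(data)


def find_script_redirects(page_url, html):
    """Describe every script-driven navigation found in html."""
    parser = ScriptText()
    parser.feed(html)
    page_host = urlsplit(page_url).hostname
    redirect_only = not "".join(parser.visible).strip()
    findings = []
    for match in REDIRECT_RE.finditer("\n".join(parser.scripts)):
        host = urlsplit(match.group("url")).hostname
        findings.append({
            "target": match.group("url"),
            "off_site": host is not None and host != page_host,
            "redirect_only": redirect_only,  # page shows the reader nothing
        })
    return findings


# Constructed page modelled on the quoted body; both hosts are placeholders.
SAMPLE_URL = "http://compromised-site.example/order.html"
SAMPLE_HTML = ('<html><body><script type="text/javascript">'
               'window.location="http://pills.example/";</script></body></html>')
print(find_script_redirects(SAMPLE_URL, SAMPLE_HTML))
```

    A page that is both `off_site` and `redirect_only` matches the pattern in the quoted diary entry; a same-site redirect on a page with visible content is ordinary navigation.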

  6. #626
    AplusWebMaster

    Gh0st RAT served on compromised Amnesty International UK website...

    FYI...

    Gh0st RAT served on compromised Amnesty International UK website...
    - http://community.websense.com/blogs/...mpromised.aspx
    11 May 2012 - "Between May 8 and 9, 2012... Websense... detected that the Amnesty International United Kingdom website was compromised. The website was apparently injected with malicious code for these 2 days. During that time, website users risked having sensitive data stolen and perhaps infecting other users in their network. However, the website owners rectified this issue after we advised them about the injection. In early 2009, we discovered this same site was compromised, and in 2010, we reported another injection of an Amnesty International website, this time the Hong Kong site. In the most recent case, we noticed that the exploit vector used was the same Java exploit (detailed in CVE-2012-0507) that has been used worldwide, and which has become somewhat infamous as the cause of the recent massive Mac OS X infection with Flashback... screen shot of the detected code injection:
    > http://community.websense.com/cfs-fi...5.sshot001.png
    ... we can see the similarities between this injection and the INSS injection* we reported last week. This clearly shows the use of the Metasploit framework and the precise name of the Java class used. In addition, the associated JAR file is a well-known vector exploit for the CVE-2012-0507... we recognize that this is a variant of the well-known Remote Administration Tool Gh0st RAT**, which is used mainly in targeted attacks to gain complete control of infected systems... The Remote Administration Center commands to the compromised system originate from this address: shell .xhhow4 .com. At the time of this writing, the address is still active."

    * http://community.websense.com/blogs/...tion-flow.aspx

    ** http://en.wikipedia.org/wiki/Ghost_Rat


  7. #627
    AplusWebMaster

    Fake Flash Player for Android = Malware

    FYI...

    Fake Flash Player for Android = Malware
    - http://blog.trendmicro.com/malware-m...r-for-android/
    May 10, 2012 - "... social engineering tactic using Adobe‘s name...
    > http://blog.trendmicro.com/wp-conten...droid011_1.jpg
    ... This webpage is also found to be hosted on Russian domains, similar to the fake Instagram and Angry Birds Space apps that we previously reported. To further entice users into downloading the fake Adobe Flash Player app, the text on the webpage claims that it is fully compatible with any Android OS version... When users opt to download and install the said fake app, the site connects to another URL to download malicious .APK file, which Trend Micro detects as ANDROIDOS_BOXER.A. ANDROIDOS_BOXER.A is a premium service abuser, which means it sends messages to premium numbers without the user’s permission, thus leading to unwanted charges. This type of Android malware is just one of the types we were able to identify in our infographic, A Snapshot of Android Threats*. Upon further investigation, we have seen a bunch of URLs that are hosted on the same IP as this particular website. Based on the naming alone used in these URLs, it appears that Android is a favorite target for cybercriminals behind this scheme..."
    * http://blog.trendmicro.com/a-snapsho...s-infographic/

    > http://about-threats.trendmicro.com/...d-smartphones/


  8. #628
    AplusWebMaster

    Spamvertised ‘Pizzeria Order Details’ ...

    FYI...

    Spamvertised ‘Pizzeria Order Details’ ...
    - http://blog.webroot.com/2012/05/11/s...s-and-malware/
    May 11, 2012 - "... Cybercriminals are currently spamvertising hundreds of thousands of emails, impersonating FLORENTINO`s Pizzeria, and enticing users into clicking on a client-side exploits and malware serving link in order to cancel a $169.90 order that they never really made. Once the user clicks on the link, they will be -redirected- to a compromised site serving client-side exploits and ultimately dropping multiple malicious binaries on their hosts upon a successful infection.
    Malicious URL: hxxp ://oldsoccer .it/page1 .htm?RANDOM_STRINGS
    ... The Russian domains are -fast-fluxed- by the cybercriminals in an attempt to make it harder for security researchers and vendors to take down their campaign. We’ve seen a similar fast-flux technique applied in the following campaign – "Spamvertised ‘Your tax return appeal is declined’ emails* serving client-side exploits and malware..."
    (More detail at the webroot URL above.)

    * http://blog.webroot.com/2012/03/22/s...s-and-malware/

    Global Fast Flux
    > http://atlas.arbor.net/summary/fastflux
    ___

    spamalysis - VALERIO Pizza Order Confirmation
    - https://spamalysis.wordpress.com/201...-confirmation/
    "... malicious page contained javascript that redirected victims to a Phoenix Exploit kit..."

    Last edited by AplusWebMaster; 2012-05-13 at 17:03.

  9. #629
    AplusWebMaster

    $485M stolen by cybercriminals - 2011 IC3 Report released

    FYI...

    IC3 2011 Internet Crime Report released
    - http://www.ic3.gov/media/2012/120511.aspx
    May 10, 2012 - "The Internet Crime Complaint Center (IC3) today released the 2011 Internet Crime Report* — an overview of the latest data and trends of online criminal activity. According to the report, 2011 marked the third year in a row that the IC3 received more than 300,000 complaints. The 314,246 complaints represent a 3.4 percent increase over 2010. The reported dollar loss was $485.3 million ...
    In 2011, IC3 received and processed, on average, more than 26,000 complaints per month. The most common complaints received in 2011 included FBI-related scams — schemes in which a criminal poses as the FBI to defraud victims — identity theft, and advance-fee fraud. The report also lists states with the top complaints, and provides loss and complaint statistics organized by state..."
    * http://www.ic3.gov/media/annualrepor..._IC3Report.pdf


  10. #630
    AplusWebMaster

    Gh0st RAT served on compromised Amnesty International Hong Kong website...

    FYI...

    Gh0st RAT served on compromised Amnesty International Hong Kong website...
    - http://community.websense.com/blogs/...mpromised.aspx
    May 14, 2012 - "... Update: Websense... detected that the Amnesty International Hong Kong sister website was also compromised to serve Gh0st RAT over the weekend, and the malicious codes are still live and active. Below are some of the pages infected redirecting to the exploits. Websense Security Labs will continue to monitor and update any new changes to this attack..."
    > http://community.websense.com/cfs-fi...2D00_550x0.png

