
Thread: Old Alerts

  1. #1
    Adviser Team AplusWebMaster's Avatar
    Join Date
    Oct 2005
    Location
    USA
    Posts
    6,881

    Old Alerts

    This can easily happen when a visitor to ANY site enters the "names and e-mail addresses of...friends...". If you really want them to visit the site, just send them the URL yourself in an e-mail:

    - http://www.techweb.com/article/print...section=700028
    March 24, 2006
    "The Federal Trade Commission on Thursday nailed a spammer with a record-setting $900,000 fine for violating the CAN-SPAM Act. According to a complaint filed by the FTC, JumpStart Technologies of San Francisco, Calif. has spammed consumers since 2002, sending millions of messages disguised as personal e-mails in an attempt to hype its FreeFlixTix Web site. JumpStart, charged the FTC, collected e-mail addresses by offering free movie tickets to consumers in exchange for ratting out the names and e-mail addresses of five or more friends...
    The spam scam also misled consumers who took the bait and went to FreeFlixTix, with some of the "free" ticket offers requiring credit card registration that in many cases resulted in charges made to the account. JumpStart's FreeFlixTix site is now offline..."

    :(
    The machine has no brain.
    ......... Use your own.
    Browser check for updates here.
    YOU need to defend against -all- vulnerabilities.
    Hacks only need to find -1- to get in...
    .

  2. #2
    AplusWebMaster

    Old Alerts

    FYI...

    - http://antiphishing.org/crimeware.html
    "The Phishing and Crimeware map displays the most recent data collected by Websense Security Labs (WS Labs) and provides a historical look into where Phishing and Crimeware related websites are hosted on the Internet. Upon discovery, each site is looked up via its IP Address to track the country of origin through the appropriate IP registrars and plotted on the map. The data is updated approximately 15 minutes after discovery."



  3. #3
    AplusWebMaster

    Alerts - Q2-2007

    FYI...

    - http://isc.sans.org/diary.html?storyid=2612
    Last Updated: 2007-04-12 20:54:39 UTC ...(Version: 10) ~ "...The Subject of the email (that we have seen so far) says:
    "Worm Alert!"
    "Worm Detected"
    "Virus Alert"
    "ATTN!"
    "Trojan Detected!"
    "Worm Activity Detected!"
    "Spyware Detected!"
    "Dream of You"
    "Virus Activity Detected!"
    It has two attachments, one being an image with 'panic-worded text', and the other is a password protected zip file, whose password is revealed in the image. The zip file appears to be named:
    "patch-<random 4 or 5 digit number>.zip"
    "bugfix-<random 4 or 5 digit number>.zip"
    "hotfix-<random 4 or 5 digit number>.zip"
    "removal-<random 4 or 5 digit number>.zip" ..."

    - http://www.pcworld.com/printable/art...printable.html
    April 12, 2007 03:00 PM PDT ~ "...Postini*, an e-mail security company, says that over the last 24 hours it has seen about 55 million virus e-mails, about 60 times the daily average. The first e-mails had romance-themed subjects: "A kiss so gentle," or "I dream of you," for instance. The latest batch attempts to fool readers--with subjects like "Worm Alert!" or "Virus Alert!"--into thinking they are already infected and need to apply a supplied patch--an attached virus... Cloudmark, another e-mail security company, says it sees similar outbreak numbers. Today's flood is ten times as large as one this past Sunday, which also involved the virulent Storm Worm..."
    * http://www.postini.com/stats/index.php

    > http://www.informationweek.com/share...leID=199000691
    --------------------------------------

    > http://www.f-secure.com/weblog/archi....html#00001167
    Friday, April 13, 2007 - Posted @ 02:19 GMT
    --------------------------------------

    - http://www.informationweek.com/share...leID=199000950
    April 13, 2007 ~ "...The Internet Storm Center reported detecting at least 20,000 infections, while the Security Response Team at Symantec said they received several hundred thousand reports of the malicious e-mail making the rounds. That all changed on Friday morning when the attack went quiet... Encrypting the malicious code makes it much more difficult for anti-virus programs to catch it, and if they can't catch it, they can't stop it. If a user opens the file, his machine is infected with the malware and it then connects to a peer-to-peer network where it can upload data, including personal information from the infected computer. It also can download additional malware onto the infected system. The fact that infected computers connect through a peer-to-peer system and not to a standalone server or even a node makes it extremely hard to shut down... Paul Henry, VP of technology evangelism with Secure Computing, said in an interview that this latest Storm attack was aimed at building out the hackers' botnet. "The whole end game is building a bigger, better botnet," he said..."

    (Arrgghh!)
    Last edited by AplusWebMaster; 2007-04-14 at 00:34. Reason: Added Informationweek item...
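As an added example (not from the ISC diary, PC World or the forum post), the following Python turns the lure described above into mail-gateway detection logic: a subject from the reported list, an image attachment paired with a zip named patch-/bugfix-/hotfix-/removal-NNNNN.zip, and a zip whose local file header carries the encryption flag. The sample message is constructed, not a real capture.

```python
import re
import struct
from email.message import EmailMessage

# Subject lines and attachment names reported for the April 2007 Storm run
STORM_SUBJECTS = {
    "Worm Alert!", "Worm Detected", "Virus Alert", "ATTN!",
    "Trojan Detected!", "Worm Activity Detected!", "Spyware Detected!",
    "Dream of You", "Virus Activity Detected!",
}
STORM_ZIP_NAME = re.compile(r"^(patch|bugfix|hotfix|removal)-\d{4,5}\.zip$", re.I)


def zip_is_password_protected(data):
    """Bit 0 of the general-purpose flag word (offset 6 in the first local
    file header, little-endian) is set when that entry is encrypted."""
    if len(data) < 8 or data[:4] != b"PK\x03\x04":
        return False
    (flags,) = struct.unpack_from("<H", data, 6)
    return bool(flags & 0x0001)


def storm_indicators(msg):
    """Return the Storm-style indicators present in one parsed message."""
    hits = []
    if (msg.get("Subject") or "").strip() in STORM_SUBJECTS:
        hits.append("panic-subject")
    images, zips = 0, []
    for part in msg.iter_attachments():
        name = part.get_filename() or ""
        if part.get_content_maintype() == "image":
            images += 1
        elif STORM_ZIP_NAME.match(name):
            zips.append(part.get_payload(decode=True))
    if images and zips:
        hits.append("image-plus-named-zip")   # the two-attachment lure
        if any(zip_is_password_protected(z) for z in zips):
            hits.append("password-protected-zip")
    return hits


def build_sample(subject, zip_name, encrypted):
    """Constructed test message (not a real capture): a PNG plus a zip whose
    local header has the encryption flag set when `encrypted` is True."""
    msg = EmailMessage()
    msg["Subject"] = subject
    msg.set_content("See attached.")
    msg.add_attachment(b"\x89PNG\r\n\x1a\n", maintype="image", subtype="png",
                       filename="notice.png")
    header = b"PK\x03\x04" + struct.pack("<HH", 20, 1 if encrypted else 0)
    msg.add_attachment(header, maintype="application", subtype="zip",
                       filename=zip_name)
    return msg


if __name__ == "__main__":
    print(storm_indicators(build_sample("Worm Alert!", "patch-48213.zip", True)))
```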

  4. #4
    AplusWebMaster

    Stration/Warezov worms prolific...

    FYI...

    - http://www.f-secure.com/weblog/archi....html#00001172
    April 19, 2007 ~ "It's been awhile since the last attack of the Warezov gang. But it seems now they're back in action... e-mail of the new Warezov... being spammed... The zip file attachment contains an executable file that uses a text file icon as a decoy (Update-KB4765-x86.exe)... This executable file is a downloader for its other components. The link is encrypted with a simple XOR. For system administrators, you may want to block network traffic from the following malicious link: linktunhdesa .com /h[REMOVED]2.exe ..."

    (Screenshots available at the F-secure URL above.)



  5. #5
    AplusWebMaster

    Virus Writers Taint Google Ad Links

    FYI...

    - http://blog.washingtonpost.com/secur...google_ad.html
    April 25, 2007 ~ "Virus writers have been gaming Google's "sponsored links" -- the paid ads shown alongside search engine results*. They are aiming to get their malicious software installed on computers whose users click onto ad links after searching for legitimate sites such as BBBonline.org, the official Web site of the Better Business Bureau. Sponsored links allow customers to buy advertisements attached to a particular search term. When a Google user enters a term into the firm's search engine, the ad belonging to the advertiser that bid the highest price for that search term appears at the top of the list of search results. According to a report at Exploit Prevention Labs**, while the top sponsored links that showed up earlier this week when users searched for "BBB," "BBBonline" or "Cars.com" appeared to direct visitors to those sites, they initially would route people who clicked on the ads through an intermediate site. The intermediate site attempted to exploit a vulnerability in Microsoft Windows to silently install software designed to steal passwords and other sensitive information from infected PCs. The attackers exploited a flaw in Microsoft's Internet Explorer Web browser, a problem that the company issued a patch to fix..."
    >>> * http://blog.washingtonpost.com/securityfix/gnh.html

    ** http://explabs.blogspot.com/2007/04/...-not-safe.html

    - http://weblog.infoworld.com/zeroday/...e_adwords.html
    April 25, 2007 ~ "...A closer inspection by Exploit Prevention Labs researchers revealed that the attacks were actually coming from a site called smarttrack.org, a Russian Web site that serves up a variety of Web exploits..."


  6. #6
    AplusWebMaster

    Mobile spyware gets Certified...

    FYI...

    - http://www.f-secure.com/weblog/archi....html#00001190
    May 11, 2007 ~ "...Mobile spyware and spying tools have been active lately. This week, we have received samples of two new mobile spying tools – running on new platforms. There is now spyware for both Windows Mobile and Symbian S60 3rd Edition devices... Spyware is being developed by commercial companies that have a lot more resources, skills, and motivation to get their creations to work. Both new spying tools are rather similar in their capabilities. After being installed on the device, they hide from the user and report information from the phone to a central server. From there, it can be accessed through a web page interface. An interesting fact is that the spyware for the Symbian 3rd Edition platform is Symbian signed. Therefore it can be installed without any warnings and is capable of operating without Symbian security alerting the user that something is going on... The fact that the spy tool authors could get their software certified indicates a potential issue when using digital signatures and certificates as the only security measure. On one hand the software is technically exactly what it claims to be, an application that backs up user data to a server. On the other hand, when the software is installed onto the device without the primary user's knowledge and permission, it can be used as a spying tool that compromises the said user's personal privacy. Thus if suspect applications cannot break security components, they can then play with the process of certification..."

    (Screenshots and more detail at the URL above.)



  7. #7
    AplusWebMaster

    Malicious Code: Large scale European Web Attack

    FYI...

    - http://www.websense.com/securitylabs...hp?AlertID=782
    June 18, 2007 ~ "Websense® Security Labs™ has received reports of a large scale attack in Europe that is using the MPACK* web exploit toolkit... At the time of this alert our ThreatSeeker technology has discovered more than *10,000* sites that have been compromised and have IFRAMES pointing to the hub infection site. Assuming users connect to one of the compromised sites and are vulnerable to one of several loaded exploits a Trojan Horse is downloaded onto their machine which is designed to steal banking, and potentially other confidential information through a (series) of web infection downloads. The main site has a statistics page and it has shown very large numbers of users connecting to the infected sites and high levels of users who have been compromised... The top regions are Italy, Spain, and the United States..."

    (Graphics and sample statistics available at the URL above.)

    * http://blogs.pandasoftware.com/blogs...red_2100_.aspx
    ------------------------------------------------

    - http://blog.trendmicro.com/another-m...n-italian-job/
    June 18, 2007 ~ "Remember LINKOPTIM, which exploited a number of legitimate Italian Web sites to spread malicious JavaScripts? Since early Saturday morning (June 16, 2007), Trend Micro has been receiving several reports of a new batch of hacked Italian Web sites that trigger a series of malware downloads once a user visits them. These infection series begin with a malicious IFRAME tag. Trend Micro detects Web pages hosting the said malicious tag as HTML_IFRAME.CU. All the compromised sites are hosted in Italy...Most of the legitimate Web sites that were compromised by the malware authors are related to tourism, automotive industry, movies and music, tax and employment services, some Italian city councils, and hotels sites. Apparently, most of these sites are hosted on one of the largest Web hoster/provider in Italy..."

    (Sample screenshot of a compromised Web site at the URL above.)

    Last edited by AplusWebMaster; 2007-06-19 at 03:12.

  8. #8
    AplusWebMaster

    10,000 sites infected...

    More...

    - http://www.theregister.com/2007/06/1...stall_malware/
    18 June 2007 ~ "More than 10,000 websites have been infected by a sophisticated and fast-acting Trojan downloader that attempts to install malware on visiting PCs. At least one security firm, Trend Micro, is working with the FBI to contain the damage and track down the perpetrators. The attack is noteworthy for the number of sites it has managed to infect in a relatively short period of time. Between Friday and Sunday night, the number jumped from 1,100 to about 2,500. By Monday afternoon, California time, there were more than 10,000 infected sites, according to Paul Ferguson, a network architect for Trend Micro... The hacked websites cover the gamut, from a site connected to the rock musician Bon Jovi to one that tries to raise money for charity work of the late Mother Teresa. Most of the compromised sites are mom-and-pop run affairs and are concerned with travel or entertainment.

    An iframe buried underneath the hacked sites redirects users to a server that's hosted at a San Francisco-area co-location site that's been used previously by cyber criminals, Ferguson says. That site redirects to yet another server hosted in Chicago. The San Francisco server is registered to a front-company based in Hong Kong.

    Ferguson said researchers and authorities are trying to contain the attacks by getting the San Francisco and Chicago sites shut down. MPack is a powerful kit that bundles together many different malware tools. Among other things, it logs detailed information about the machines it attacks, including the IP addresses of machines it has infected and what exploits a particular user is vulnerable to. It is similar to another malkit called WebAttacker. The attack resembles one from February which targeted certain Miami Dolphins Web sites on the same day the National Football League team hosted the Super Bowl. The legions of fans who visited the site were redirected to third party sites that attempted to install malware on their machines. Such attacks are increasing, largely thanks to the growing use of powerful javascript that vastly improves the functionality of websites. Unfortunately, programmers haven't paid close enough attention to how these scripts can be abused..."
    -----------------------------------------

    - http://www.computerworld.com.au/inde...16;fpid;1;pf;1
    19/06/2007 ~ "..."The usual advice we give, 'avoid the bad neighborhoods of the Web,' just doesn't hold water anymore" when legitimate sites have been hacked and are serving up exploits left and right, Ferguson said. "Everywhere could be a bad neighborhood now."

    ...
    Last edited by AplusWebMaster; 2007-06-20 at 14:11.

  9. #9
    AplusWebMaster


    Notes: As always, follow "Best practice...": Keep systems updated with all current MS patches and update/check 3rd party applications [Test here: http://secunia.com/software_inspector/ ].

    Hacks -will- take advantage when users don't.


    Last edited by AplusWebMaster; 2007-06-20 at 14:16.

  10. #10
    AplusWebMaster

    Alerts - Q2-2007b

    FYI...

    - http://isc.sans.org/diary.html?storyid=3015
    Last Updated: 2007-06-20 21:42:28 UTC ~ "...Earlier today VeriSign/iDefense released some pretty good analysis of how it works, what the value of it is, and other goodies. This summary does not exist online but has been spread via email to the media and other outlets. Rather than trying to summarize it, iDefense gave the Internet Storm Center permission to reprint it in its entirety...
    '...More than 10,000 referral domains exist in a recent MPack attack, largely successful MPack attack in Italy, compromising at least 80,000 unique IP addresses. It is likely that cPanel exploitation took place on host provider leading to injected iFrames on domains hosted on the server. When a legitimate page with a hostile iFrame is loaded the tool silently redirects the victim in an iFrame to an exploit page crafted by MPack. This exploit page, in a very controlled manner, executes exploits until exploitation is successful, and then installs malicious code of the attacker's choice...
    ...MPack leverages multiple exploits, in a very controlled manner, to compromise vulnerable computers. Exploits range from the recent animated cursor (ANI) to QuickTime exploitation. The latest version of mPack, .90, includes the following exploits:
    MS06-014
    MS06-006
    MS06-044
    MS06-071
    MS06-057
    WinZip ActiveX overflow
    QuickTime overflow
    MS07-017...' "

    (Complete analysis at the URL above.)

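As an added example (not from the iDefense analysis, Trend Micro or the forum post), the following Python implements the check a site owner or hosting provider would run for the injection pattern described in posts #7, #8 and #10: an <iframe> whose src points to a host other than the page's own and that is hidden (display:none, visibility:hidden, or a 0-1 px width or height). The sample page and its host names are constructed placeholders, not real indicators.

```python
from html.parser import HTMLParser
from urllib.parse import urlparse


class IframeCollector(HTMLParser):
    """Collect the attributes of every <iframe> tag in a page."""
    def __init__(self):
        super().__init__()
        self.iframes = []

    def handle_starttag(self, tag, attrs):
        if tag.lower() == "iframe":
            self.iframes.append({k.lower(): (v or "") for k, v in attrs})


def _is_tiny(value):
    """True for width/height values of 0 or 1 (px), the usual hidden size."""
    digits = "".join(ch for ch in value if ch.isdigit())
    return digits != "" and int(digits) <= 1


def suspicious_iframes(html, page_host):
    """Return the src of every iframe that points off-site and is hidden:
    display:none / visibility:hidden, or a 0-1 px width or height."""
    parser = IframeCollector()
    parser.feed(html)
    found = []
    for attrs in parser.iframes:
        src = attrs.get("src", "")
        host = (urlparse(src).hostname or "").lower()
        offsite = bool(host) and host != page_host.lower()
        style = attrs.get("style", "").replace(" ", "").lower()
        hidden = ("display:none" in style or "visibility:hidden" in style
                  or _is_tiny(attrs.get("width", ""))
                  or _is_tiny(attrs.get("height", "")))
        if offsite and hidden:
            found.append(src)
    return found


# Constructed page (hosts are placeholders, not real indicators): a legitimate
# same-site map iframe plus an injected, invisible off-site one.
SAMPLE_PAGE = """<html><body>
<h1>Hotel Belvedere</h1>
<iframe src="http://www.example-hotel.it/map.html" width="400" height="300"></iframe>
<iframe src="http://hub.example.invalid/in.cgi?3" width="0" height="0"
        style="display: none"></iframe>
</body></html>"""

if __name__ == "__main__":
    print(suspicious_iframes(SAMPLE_PAGE, "www.example-hotel.it"))
```

Run it against a crawl of your own pages; any hit is a file to diff against a known-good copy, since the quoted analysis attributes the injection to the hosting server itself rather than to the page authors.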
