Twitter SCAMS spreading fast
FYI...
- http://nakedsecurity.sophos.com/2011...preading-fast/
March 17, 2011 - "... Thousands of Twitter users are falling once again for a scam that requires victims to grant access to a malicious application. Today's scam seems to be a continuance of a trend in which the scammers are adapting their ego-driven bogus Facebook apps to operate on Twitter... If you accept the application, not only will it post to your Twitter feed, it will also display an image with a random number that supposedly represents the number of people who have viewed your profile. Not surprisingly, the revenue generating opportunity for these scammers is a fake IQ test that suggests you could win a free iPad*... The advice remains the same as for Facebook. Be cautious of which games/apps you approve and carefully audit the authorization page to see if an app wants control of your account or permission to post..."
* http://sophosnews.files.wordpress.co...ng?w=500&h=244
Fake Facebook email - Zbot and Black Hole Exploit Kit "all in one"
FYI...
- http://community.websense.com/blogs/...ents-spam.aspx
18 Mar 2011 - "Websense... has detected a new malicious email campaign that masquerades as originating from Facebook. The campaign appears to actually be originating from the Cutwail/Pushdo spam bot. This time round, the Cyber criminals employ two attack vectors: social engineering and an exploit kit. Both end up with the Zeus/Zbot Trojan installed on the targeted machines... The malicious email is spoofed to appear to be coming from Facebook.com and says: "Hi, someone loves your photo comments, please click on the link to see all comments". It provides a fake URL disguised as a formal Facebook link. Once clicked, the user is redirected to an attack page and is prompted to download and run an "update" from Facebook. The "update" file is a Zeus/Zbot Trojan variant. At the time of writing, the file had only a 7% detection*... The attack isn't over yet. While the fake Facebook page loads, the user's machine is attacked silently with several exploits in the background. The exploits are sent via an iframe contained in the fake Facebook attack page. This process happens silently when the attack page is loaded. The exploits are loaded from one of the most prevalent exploit kits today - the Blackhole exploit kit. -Any- successful exploitation results in the Zeus/Zbot Trojan installed silently on the user's machine..."
* http://www.virustotal.com/file-scan/...0f1-1300384459
File name: facebook.update.utility.exe.1
Submission date: 2011-03-17 17:54:19 (UTC)
Current status: finished
Result: 3/43 (7.0%)
There is a more up-to-date report...
- http://www.virustotal.com/file-scan/...0f1-1300478516
File name: 8bba2928b7060906a3d433a96856acbb
Submission date: 2011-03-18 20:01:56 (UTC)
Result: 14/41 (34.1%)
There is a more up-to-date report...
- http://www.virustotal.com/file-scan/...0f1-1300555240
File name: 8bba2928b7060906a3d433a96856acbb
Submission date: 2011-03-19 17:20:40 (UTC)
Result: 18/41 (43.9%)
Spotify users attacked by drive-by malware...
FYI...
- http://news.netcraft.com/archives/20...y-malware.html
25 March, 2011 - "Users of the Spotify Free music streaming software have been attacked by drive-by malware. At least one attack used a Java exploit to drop malicious executable code on a victim's computer, with AVG software identifying one of the malicious payloads as Trojan horse Generic_r.FZ. Another threat blocked by AVG was a Blackhole Exploit Kit hosted on the uev1 .co .cc domain. Several people have reported the problem to Spotify over the past 24 hours, and attacks are still being reported at the time of publication. It is believed that the attacks are being launched through malicious third-party adverts which are displayed in ad-supported versions of the Spotify software. By exploiting local software vulnerabilities, the attacker can then install malware on unprotected computers."
- http://community.websense.com/blogs/...cious-ads.aspx
25 Mar 2011 - "... The first report we have of a malicious ad being displayed is from around 11:30 GMT on March 24... In this case the malicious ad is actually displayed inside of the Spotify application... The application will render the ad code and run it as if it were run inside a browser. This means that the Blackhole Exploit Kit works perfectly fine and it's enough that the ad is just displayed to you in Spotify to get infected, you don't even have to click on the ad itself. So if you had Spotify open but running in the background, listening to your favorite tunes, you could still get infected. Seems like free does come at a price after all. Spotify removed all 3rd party ads in the free version while they did their investigation but the ads have now been turned back on again. Once the ad was displayed, the computer would connect to hxxp: //uev1 .co .cc where the exploit kit tries several vulnerabilities to infect the user. The IP address where the malicious content is hosted is well-known to us and we have seen it host the same exploit kit on several other domains... One of the vulnerabilities the exploit kit uses is a vulnerability in Adobe Reader/Acrobat. The kit uses a heavily obfuscated PDF file to make the infected computer download the fake AV software. Here are the VirusTotal reports for the PDF and the fake AV file*. Once the fake AV is launched it connects to the following domains to download additional content, including a rootkit** which is a packed version of TDSS:
• tuartma .in, rappour .in, findstiff .org, searchcruel .org, findclear .org, replity .in, searchgrubby .org, demivee .in, ripplig .in..."
(Screenshots and more detail available at the URL above.)
* http://www.virustotal.com/file-scan/...acf-1301413767
File name: L9FPB1.pdf
Submission date: 2011-03-29 15:49:27 (UTC)
Result: 12/43 (27.9%)
** http://www.virustotal.com/file-scan/...261-1301086553
File name: spotify_dropped.exe
Submission date: 2011-03-25 20:55:53 (UTC)
Result: 4/43 (9.3%)
There is a more up-to-date report...
- http://www.virustotal.com/file-scan/...261-1301408014
File name: f5dcd2415fa4b069c0b934baee109ea5
Submission date: 2011-03-29 14:13:34 (UTC)
Result: 21/41 (51.2%)
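Added example (not part of the original post or of the quoted reports): Python that refangs the indicators exactly as the Websense excerpt above writes them and checks proxy log lines against the resulting blocklist. The log format, client addresses and URLs are constructed assumptions, and the `[.]` handling goes beyond the notation used on this page.

```python
import re
from urllib.parse import urlsplit

# Indicators as written (defanged) in the quoted Websense report above.
DEFANGED = [
    "hxxp: //uev1 .co .cc",
    "tuartma .in", "rappour .in", "findstiff .org", "searchcruel .org",
    "findclear .org", "replity .in", "searchgrubby .org", "demivee .in",
    "ripplig .in",
]

def refang_host(indicator):
    """Turn a defanged indicator into a bare lowercase hostname."""
    s = re.sub(r"\s+", "", indicator)            # "uev1 .co .cc" -> "uev1.co.cc"
    s = s.replace("[.]", ".")                    # other common defang style
    s = re.sub(r"^hxxp", "http", s, flags=re.I)  # hxxp:// -> http://
    if "://" not in s:
        s = "http://" + s
    return (urlsplit(s).hostname or "").rstrip(".").lower()

BLOCKLIST = {refang_host(i) for i in DEFANGED}

def matches_blocklist(host):
    """True for a listed domain or any subdomain of it (label boundary only)."""
    host = host.rstrip(".").lower()
    return any(host == d or host.endswith("." + d) for d in BLOCKLIST)

def flag_requests(log_lines):
    """Return (client, host) per hit. Assumed line format (constructed):
    '<timestamp> <client> <method> <url-or-host:port>'."""
    hits = []
    for line in log_lines:
        parts = line.split()
        if len(parts) < 4:
            continue
        target = parts[3]
        if "://" not in target:                  # CONNECT host:port has no scheme
            target = "//" + target
        host = urlsplit(target).hostname or ""
        if matches_blocklist(host):
            hits.append((parts[1], host))
    return hits

# Constructed sample proxy log lines (not real traffic).
SAMPLE_LOG = [
    "2011-03-24T11:31:02Z 10.0.0.15 GET http://uev1.co.cc/",
    "2011-03-24T11:31:09Z 10.0.0.15 GET http://cdn.findclear.org/",
    "2011-03-24T11:32:40Z 10.0.0.22 GET http://notfindclear.org/",
    "2011-03-24T11:33:00Z 10.0.0.22 GET http://example.com/?ref=tuartma.in",
    "2011-03-24T11:33:05Z 10.0.0.31 CONNECT RIPPLIG.IN:443",
]
```

Matching on the parsed hostname rather than on the raw line is what keeps the look-alike host and the query-string mention in the sample from being flagged.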
SPAM frauds, fakes, and other MALWARE deliveries...
FYI...
Twitter worm "Profile Spy"...
- http://www.theregister.co.uk/2011/04/05/twitter_worm/
5 April 2011 - "... a virally spreading worm that attempts to make money by scamming users into filling out surveys and viewing advertisements.
The rogue Twitter app is known as Profile Spy and gets installed by people who are tricked into believing it can tell them who has been viewing their online microposts. “Wow! See who viewed your twitter with Profile Spy,” the come-on reads. Those who click on the link are asked to allow the app to access and update their account data. Once they do so, they are presented with an unending series of popups for online surveys and ads promoting car insurance, long distance services and games, according to Errata Security CEO Rob Graham*, who blogged about the worm on Monday..."
* http://erratasec.blogspot.com/2011/0...ofile-spy.html
April 04, 2011
SpyEye banking trojan - same as ZeuS...
FYI...
- http://www.theregister.co.uk/2011/04...mobile_trojan/
5 April 2011 - "Cybercrooks have deployed a sophisticated man-in-the-mobile attack using the SpyEye banking Trojan toolkit. The Trojan, which infects Windows machines, displays additional content on a targeted European bank's webpage that requests prospective marks to input their mobile phone number and the IMEI of the device. The bank customer is informed the information is needed so that a new "digital certificate" can be sent to the phone... More information on the SpyEye-based mobile banking Trojan attack can be found in a blog post by F-Secure here*."
* http://www.f-secure.com/weblog/archives/00002135.html
April 4, 2011
Internet Security Threat Report...
FYI...
Symantec Internet Security Threat Report...
- http://www.symantec.com/about/news/r...id=20110404_03
April 5, 2011 – "Symantec... today announced the findings of its Internet Security Threat Report, Volume 16, which shows a massive threat volume of more than 286 million new threats last year, accompanied by several new megatrends in the threat landscape...
> 2010: The Year of the Targeted Attack...
> Social Networks: Fertile Ground for Cybercriminals...
> Attack Toolkits Focus on Java...
> Mobile Threat Landscape Comes Into View...
> Key Facts and Figures:
• 286 million new threats...
• 93 percent increase in Web-based attacks...
• 260,000 identities exposed per breach...
• 14 new zero-day vulnerabilities...
• 6,253 new vulnerabilities...
• 42 percent more mobile vulnerabilities...
• One botnet with more than a million spambots - Rustock..."
(More detail available at the URL above.)
Facebook "video" SCAMS ...
FYI...
- http://community.websense.com/blogs/...-facebook.aspx
9 Apr 2011 - "... scam making its way across Facebook linking to a video titled "The Hottest & Funniest Golf Course Video - LOL"... When clicking on the link you're taken to the following page, tricking you into not only liking the page but also sharing it with your friends. It's doing this by using standard Facebook APIs... After liking and sharing the page, and attempting to view the video, the user is taken to a typical CPA Survey scam so in the end there's no video at all... As always, if a video forces you to like, share, or install an app to view it, DON'T..."
SPAM malicious e-mail msgs continue...
FYI...
Virus Outbreak in Progress...
- http://www.ironport.com/toc/
- http://tools.cisco.com/security/cent...o=1&sortType=d
Malicious PDF Attachment E-mail Messages - April 13, 2011
- http://tools.cisco.com/security/cent...?alertId=22911
Fake Photograph Link E-mail Messages - April 13, 2011
- http://tools.cisco.com/security/cent...?alertId=22924
Fake Parcel Delivery Notification E-mail - April 13, 2011
- http://tools.cisco.com/security/cent...?alertId=22696
Fake Facebook Personal Message E-mail - April 13, 2011
- http://tools.cisco.com/security/cent...?alertId=20961
Malicious United Postal Svc Delivery Failure E-mail - April 13, 2011
- http://tools.cisco.com/security/cent...?alertId=22769
Fake Scanned Document E-mail Messages - April 12, 2011
- http://tools.cisco.com/security/cent...?alertId=21429
Fake Facebook Password Reset Notification E-mail Messages - April 12, 2011
- http://tools.cisco.com/security/cent...?alertId=22907
Fake Official Letter E-mail Messages - April 12, 2011
- http://tools.cisco.com/security/cent...?alertId=22910
Fake UPS Shipment Arrival E-mail Messages - April 12, 2011 ...
- http://tools.cisco.com/security/cent...?alertId=22030