Online stock trading risky
FYI...
Online stock trading is risky
- http://www.f-secure.com/weblog/archives/00001909.html
March 17, 2010 - "Buying and selling stock online is big business. It also carries its own risks. And we don't mean the risk of doing bad investments; we mean losing access to your trading account because your computer got infected by a keylogger. Take a case of Mr. Valery Maltsev from St. Petersburg. Maltsev runs an investment company called Broco Investments... Unfortunately (to him), Maltsev was yesterday charged by US Securities & Exchange Commission. They claim that Maltsev's extraordinary gains in thinly traded NASDAQ and NYSE stocks were not a coincidence. Apparently Maltsev used malware with keyloggers to gain access to other people's online trading accounts. With such accounts, he could buy stocks at inflated prices, and use his real account to sell the same stock, for instant gains. Quoting from the SEC Complaint:
On December 21, 2009, at 13:37, BroCo bought shares of Ameriserv Financial, Inc. (ASRV) at a price of $1.51 per share. Approximately one minute later, three accounts at Scottrade were illegally accessed and used to purchase shares of ASRV at prices ranging from $1.545 to $1.828 per share. While this was happening, BroCo sold shares of ASRV at prices ranging from $1.70 to $1.80 per share, finishing at 13:52. By trading shares of ASRV within minutes of unauthorized trading through the compromised accounts, Maltsev and BroCo grossed $141,500 in approximately fifteen minutes, realizing a net profit of $17,760 ..."
- http://www.theregister.co.uk/2010/03..._dump_hacking/
16 March 2010 - "... The scheme earned at least $255,532 from August to December at a cost of $603,000 to broker-dealers, which had to reimburse customers... The lawsuit seeks an order freezing the Genesis accounts and requiring Maltsev to repay the lost funds..."
:eek::mad:
Battery recharger software trojan - more...
FYI...
Battery recharger software trojan - more...
- http://www.theregister.co.uk/2010/03...rojan_returns/
18 March 2010 - "... the file that spreads the infection was -still- being distributed Wednesday evening on a European site operated by the consumer-products company. According to this VirusTotal analysis*, UsbCharger_setup_V1_1_1.exe is flagged as malicious by 24 of the 42 leading anti-virus firms. To make sure it wasn't a false positive, The Register checked with anti-virus firms Immunet and Trend Micro, both of which said the infection is real. Contrary to the VirusTotal results, the threat is also flagged by Symantec's Norton AV app, Immunet added. Trend Micro Senior Threat Researcher Paul Ferguson said his company's AV product also protects against it by flagging a key dll file, rather than the executable file. Microsoft labels the trojan as Arurizer.A and warns that it installs a backdoor on user machines that allows attackers to upload, download, and delete files at will, install additional malware and carry out other nefarious deeds. Twelve days ago, Energizer pledged to mount an investigation into how such a gaffe could have happened. The company has yet to release the results of that probe... Sometimes, the low-tech - or no-tech - solution is the way to go."
* http://www.virustotal.com/analisis/7...1d7-1268871703
File UsbCharger_setup_V1_1_1.exe received on 2010.03.18 00:21:43 (UTC)
Result: 24/42 (57.14%)
:mad::mad:
Zeus trojan - SPAM warning
FYI...
Zeus trojan campaign Warning - SPAM
- http://www.us-cert.gov/current/#us_c...s_against_zeus
March 17, 2010 - "US-CERT is aware of public reports of malicious code circulating via spam email messages impersonating the Department of Homeland Security (DHS). The attacks arrive via unsolicited email messages that may contain subject lines related to DHS or other government activity. These messages may contain a link or attachment. If users click on this link or open the attachment, they may be infected with malicious code, including the Zeus Trojan..."
:mad::mad:
‘Bad’ ISPs - Naming and Shaming...
FYI...
Naming and Shaming ‘Bad’ ISPs
- http://www.krebsonsecurity.com/2010/...ming-bad-isps/
March 19, 2010 - "Roughly two years ago, I began an investigation that sought to chart the baddest places on the Internet, the red light districts of the Web, if you will. What I found in the process was that many security experts, companies and private researchers also were gathering this intelligence, but that few were publishing it... Fast-forward to today, and we can see that there are a large number of organizations publishing data on the Internet’s top trouble spots... Brett Stone-Gross, a PhD candidate in UCSB’s Department of Computer Science, said he and two fellow researchers there sought to locate ISPs that exhibited a consistently bad reputation... “The networks you find in the FIRE rankings* are those that show persistent and long-lived malicious behavior,” Stone-Gross said... For instance, if you click this link** you will see the reputation history for ThePlanet.com..."
Top 20 Malicious Autonomous Systems...
* http://maliciousnetworks.org/index.php
** http://maliciousnetworks.org/chart.php?as=AS21844
- http://maliciousnetworks.org/chart.php?as=AS15169
:fear::fear:
Malicious medical ads flood Inboxes...
FYI...
Malicious medical ads flood users’ Inboxes
- http://blog.trendmicro.com/malicious...80%99-inboxes/
Mar. 21, 2010 - "TrendLabs observed an increase in malicious medical advertisements spammed to users’ e-mail inboxes. Two of the samples our engineers obtained looked legitimate, even had professional-looking graphics... Another was just the normal, everyday, plain-text spam... The spammed messages enticed recipients to purchase the medicines the scammers were selling. These lured recipients with supposed huge discounts, ranging from 70–80% off of all products. The messages also sported links that when clicked redirected users to a spoofed online store that sold male organ-enhancing pills. More recently, a spam run that uses a new feature was discovered. Instead of asking recipients to click an embedded link or an image, it asked them to open the .JPG file attachment—an image of Viagra and Cialis—along with the line, “DO NOT CLICK, JUST ENTER (a particular URL) IN YOUR BROWSER.” The spammed messages also contained a series of salad words to avoid being filtered..."
(Screenshots available at the URL above.)
:fear::mad:
Facebook "Dislike button" likes Hotbar
FYI...
Facebook "Dislike button" likes Hotbar
- http://sunbeltblog.blogspot.com/2010...es-hotbar.html
March 23, 2010 - "... It seems the tactic of offering up Firefox (but giving you something else entirely) is going to be around for a little while. Below is a site promoting a Firefox .xpi called “The Dislike Button”, designed to let you add an “I dislike this” note to Facebook posts... The domain is dislikes(dot)info. Note the “Get Firefox” button at the top... you’re given the option of downloading a setup file from Hotbar…not exactly the Firefox download you were expecting. Should the end-user install it thinking this will give them Firefox, they’re very much mistaken... What they actually get is the option to download Hotbar (and no Firefox), complete with a preticked ShopperReports checkbox... Additionally, there’s a text link further down the page asking you to “Get Firefox now” which also directs you to the Hotbar install... I think... I dislike this."
(Screenshots available at the URL above.)
:mad:
Skype toolbar Outlook SCAM
FYI...
Skype toolbar for Outlook SCAM
- http://securitylabs.websense.com/con...erts/3586.aspx
03.23.2010 - " Websense... has discovered a new wave of email attacks targeting the Skype Email Toolbar. Up to now, the amount of spam is not large, but we believe it will increase. The spam email message contains a file attachment named SkypeToolbarForOutlook.zip, which could easily deceive users but is in fact a backdoor trojan that has a very low AV detection*. The spam email copies the look and feel of the legitimate application from Skype..."
* http://www.virustotal.com/analisis/9...751-1269327702
File SkypeToolbarForOutlook.exe received on 2010.03.23 07:01:42 (UTC)
Result: 6/42 (14.29%)
(Screenshots available at the Websense URL above.)
Skype SPIM (Instant Messaging SPAM)
- http://www.m86security.com/labs/i/Sk...race.1289~.asp
March 26, 2010 - "With over 520 million users, Skype is the most popular VoIP (Voice over IP) application available today. It provides a great service, allowing families, friends and colleagues to connect to one another through voice and video chat across the globe. However, being so popular doesn’t come without a price. The price that is paid is in the form of Skype SPIM (Instant Message Spam). These messages are pushed out to a large percentage of Skype users on a regular basis. The SPIM messages can range from the common pharmaceutical product spam, to fake OEM software, investment scams, replica bags and watches, and adult dating site spam..."
(More detail and screenshots at the URL above.)
:mad:
ZBOT variants targeting European Banks
FYI...
ZBOT variants targeting European Banks
- http://blog.trendmicro.com/new-zbot-...uropean-banks/
March 23, 2010 - "... new ZBOT variant mainly targeting four European countries’ banking systems in Italy, England, Germany, and France. Trend Micro detects this variant as TROJ_ZBOT.BYP. It targets major consumer European Banks and financial institutions with high-profile clientele. The targeted companies include the major UniCredit Group Subsidiary Bank of Rome; U.K.-based Abbey National (more commonly known as Abbey); Hong Kong’s HSBC; Germany’s leading IT service provider in the cooperative financial system, the FIDUCIA Group; and one of France’s largest retail banks, Crédit Mutuel... The ZeuS toolkit enables cybercriminals to create and customize their own remote-controlled malware. The infected machine then becomes part of the criminal ZeuS botnet. ZBOT variants are information stealers specializing in robbing online banking information from victims and sending back the information to its command-and-control (C&C) server. At its most basic level, ZeuS has always been known for engaging in criminal activities, as it signals a new wave of online criminal business enterprises wherein different organizations can cooperate with one another to perpetrate outright online theft and fraud... The domains used by TROJ_ZBOT.BYP are both hosted on the same server, which is located in Serbia under a registered name. The IP address used and its registered name are both well-known for being part of FAKEAV-hosting domains and previous Canadian pharmacy spam campaigns..."
- http://threatinfo.trendmicro.com/vin...onnection.html
"... Since 2007... Trend Micro has seen over 2,000 ZBOT detections and the numbers continue to rise..."
:mad:
Fake Apple App Store Malicious SPAM
FYI...
Fake Apple App Store Malicious SPAM
- http://securitylabs.websense.com/con...erts/3587.aspx
03.24.2010 - "Websense... has discovered that Apple's App Store has become the latest target for email attacks and spam. App Store is the service provided by Apple Inc. as a platform to purchase and download applications for iPhone®, iPod touch®, and iPad™. The attack comes in the form of a fake invoice email. With Apple's App Store being one of the most popular shopping platforms for multimedia, this kind of App Store invoice email is familiar to users and tends to be received frequently. As demonstrated here, cyber-criminals clearly jump at a chance to spread their spam using any available means. The content in this campaign resides on compromised Web sites and serves a combination of pharmaceutical spam along with exploits that are delivered in the background. Some of the messages serve only pharmaceutical spam and some combine spam with exploits. In the example below, clicking the link in the message redirects the user to a site with a single link labeled "visit". In the background, a known exploit pack called "Eleonore" is delivered to the user's machine. If the user clicks on the link, they are redirected to a "Canadian Pharmacy" Web site. In this particular attack instance the file dropped by the exploit pack has 29% detection rate*..."
* http://www.virustotal.com/analisis/5...5ae-1269442230
File updates.exe received on 2010.03.24 14:50:30 (UTC)
Result: 12/41 (29.27%)
(Screenshots available at the Websense URL above.)
- http://blog.trendmicro.com/spammers-...e-apple-store/
Mar. 25, 2010
:mad: