Fake Facebook emails - 2012.05.04...
FYI...
- http://msmvps.com/blogs/spywaresucks.../1809472.aspx?
May 4 2012 - "The pictured emails (below) are not real Facebook emails – look at the URLs that are exposed when you hover your mouse cursor over the “sign in” and “reactivate” links..."
> http://msmvps.com/cfs-filesystemfile...0_2B858634.png
> http://msmvps.com/cfs-filesystemfile...0_0F64A17C.png
___
-13- million US Facebook users not using, or oblivious to, privacy controls
- http://nakedsecurity.sophos.com/2012...vacy-controls/
May 4, 2012
- https://www.consumerreports.org/cont...k-privacy.html
SPAM - BBB assistance e-mails w/malware...
FYI...
- http://nakedsecurity.sophos.com/2012...strikes-again/
May 4, 2012 - "Once again, cybercriminals have spammed out emails claiming to come from the Better Business Bureau (BBB), with the intention of infecting Windows computers with malware... widespread malware attack that is being spammed out as an attachment to an email claiming to come from the BBB. The emails vary in their wording, but -all- claim that a consumer has complained about the company receiving the email. The details of the complaint, naturally, are contained inside the attached "BBB Report.zip" file (which, of course, contains malware)..."
Malware attacks on hotel net surfers ...
FYI...
- http://www.ic3.gov/media/2012/120508.aspx
May 8, 2012 - "Recent analysis from the FBI and other government agencies demonstrates that malicious actors are targeting travelers abroad through pop-up windows while establishing an Internet connection in their hotel rooms. Recently, there have been instances of travelers' laptops being infected with malicious software while using hotel Internet connections. In these instances, the traveler was attempting to set up the hotel room Internet connection and was presented with a pop-up window notifying the user to update a widely-used software product. If the user clicked to accept and install the update, malicious software was installed on the laptop. The pop-up window appeared to be offering a routine update to a legitimate software product for which updates are frequently available. The FBI recommends that all government, private industry, and academic personnel who travel abroad take extra caution before updating software products on their hotel Internet connection. Checking the author or digital certificate of any prompted update to see if it corresponds to the software vendor may reveal an attempted attack. The FBI also recommends that travelers perform software updates on laptops immediately before traveling, and that they download software updates directly from the software vendor’s Web site if updates are necessary while abroad..."
> https://krebsonsecurity.com/2012/05/...cess-bad-idea/
May 11, 2012 - "... avoid updating software while using hotel or other public Internet connections... There are a number of free attack tools that can be used to spoof software update prompts, and these are especially effective against users on small local networks. Bear in mind that false update prompts don’t have to involve pop-ups..."
Gh0st RAT served on compromised Amnesty International UK website...
FYI...
- http://community.websense.com/blogs/...mpromised.aspx
11 May 2012 - "Between May 8 and 9, 2012... Websense... detected that the Amnesty International United Kingdom website was compromised. The website was apparently injected with malicious code for these 2 days. During that time, website users risked having sensitive data stolen and perhaps infecting other users in their network. However, the website owners rectified this issue after we advised them about the injection. In early 2009, we discovered this same site was compromised, and in 2010, we reported another injection of an Amnesty International website, this time the Hong Kong site. In the most recent case, we noticed that the exploit vector used was the same Java exploit (detailed in CVE-2012-0507) that has been used worldwide, and which has become somewhat infamous as the cause of the recent massive Mac OS X infection with Flashback... screen shot of the detected code injection:
> http://community.websense.com/cfs-fi...5.sshot001.png
... we can see the similarities between this injection and the INSS injection* we reported last week. This clearly shows the use of the Metasploit framework and the precise name of the Java class used. In addition, the associated JAR file is a well-known vector exploit for the CVE-2012-0507... we recognize that this is a variant of the well-known Remote Administration Tool Gh0st RAT**, which is used mainly in targeted attacks to gain complete control of infected systems... The Remote Administration Center commands to the compromised system originate from this address: shell .xhhow4 .com. At the time of this writing, the address is still active."
* http://community.websense.com/blogs/...tion-flow.aspx
** http://en.wikipedia.org/wiki/Ghost_Rat
Fake Flash Player for Android = Malware
FYI...
- http://blog.trendmicro.com/malware-m...r-for-android/
May 10, 2012 - "... social engineering tactic using Adobe's name...
> http://blog.trendmicro.com/wp-conten...droid011_1.jpg
... This webpage is also found to be hosted on Russian domains, similar to the fake Instagram and Angry Birds Space apps that we previously reported. To further entice users into downloading the fake Adobe Flash Player app, the text on the webpage claims that it is fully compatible with any Android OS version... When users opt to download and install the said fake app, the site connects to another URL to download malicious .APK file, which Trend Micro detects as ANDROIDOS_BOXER.A. ANDROIDOS_BOXER.A is a premium service abuser, which means it sends messages to premium numbers without the user’s permission, thus leading to unwanted charges. This type of Android malware is just one of the types we were able to identify in our infographic, A Snapshot of Android Threats*. Upon further investigation, we have seen a bunch of URLs that are hosted on the same IP as this particular website. Based on the naming alone used in these URLs, it appears that Android is a favorite target for cybercriminals behind this scheme..."
* http://blog.trendmicro.com/a-snapsho...s-infographic/
> http://about-threats.trendmicro.com/...d-smartphones/
Spamvertised ‘Pizzeria Order Details’ ...
FYI...
- http://blog.webroot.com/2012/05/11/s...s-and-malware/
May 11, 2012 - "... Cybercriminals are currently spamvertising hundreds of thousands of emails, impersonating FLORENTINO's Pizzeria, and enticing users into clicking on a client-side exploits and malware serving link in order to cancel a $169.90 order that they never really made. Once the user clicks on the link, they will be -redirected- to a compromised site serving client-side exploits and ultimately dropping multiple malicious binaries on their hosts upon a successful infection.
Malicious URL: hxxp ://oldsoccer .it/page1 .htm?RANDOM_STRINGS
... The Russian domains are -fast-fluxed- by the cybercriminals in an attempt to make it harder for security researchers and vendors to take down their campaign. We’ve seen a similar fast-flux technique applied in the following campaign – "Spamvertised ‘Your tax return appeal is declined’ emails* serving client-side exploits and malware..."
(More detail at the webroot URL above.)
* http://blog.webroot.com/2012/03/22/s...s-and-malware/
Global Fast Flux
> http://atlas.arbor.net/summary/fastflux
___
spamalysis - VALERIO Pizza Order Confirmation
- https://spamalysis.wordpress.com/201...-confirmation/
"... malicious page contained javascript that redirected victims to a Phoenix Exploit kit..."
$485M stolen by cybercriminals - 2011 IC3 Report released
FYI...
IC3 2011 Internet Crime Report released
- http://www.ic3.gov/media/2012/120511.aspx
May 10, 2012 - "The Internet Crime Complaint Center (IC3) today released the 2011 Internet Crime Report* — an overview of the latest data and trends of online criminal activity. According to the report, 2011 marked the third year in a row that the IC3 received more than 300,000 complaints. The 314,246 complaints represent a 3.4 percent increase over 2010. The reported dollar loss was $485.3 million ...
In 2011, IC3 received and processed, on average, more than 26,000 complaints per month. The most common complaints received in 2011 included FBI-related scams — schemes in which a criminal poses as the FBI to defraud victims — identity theft, and advance-fee fraud. The report also lists states with the top complaints, and provides loss and complaint statistics organized by state..."
* http://www.ic3.gov/media/annualrepor..._IC3Report.pdf
Gh0st RAT served on compromised Amnesty International Hong Kong website...
FYI...
- http://community.websense.com/blogs/...mpromised.aspx
May 14, 2012 - "... Update: Websense... detected that the Amnesty International Hong Kong sister website was also compromised to serve Gh0st RAT over the weekend, and the malicious codes are still live and active. Below are some of the pages infected redirecting to the exploits. Websense Security Labs will continue to monitor and update any new changes to this attack..."
> http://community.websense.com/cfs-fi...2D00_550x0.png