Fake 'Facebook Account' SPAM, 'Apple ID' Phish ...
FYI...
Fake 'Facebook Account' SPAM - PDF malware
- http://myonlinesecurity.co.uk/facebo...e-pdf-malware/
2 Feb 2015 - "'Facebook Account Suspended' pretending to come from Facebook <noreply@ mail .fb .com> is another one from the current bot runs which try to download various Trojans and password stealers especially banking credential stealers, which may include cridex, dridex, dyreza and various Zbots, cryptolocker, ransomware and loads of other malware on your computer. They are using email addresses and subjects that will entice a user to read the email and follow the link and run the downloaded file... Google seems to be -ignoring- the report to take down this url so far today or are far too busy complaining about Microsoft and other program makers not issuing patches inside the 90 day time period that Google insist on, to do something really useful in actually protecting users from malware like this one... The email looks like:
Screenshot: http://myonlinesecurity.co.uk/wp-con...-suspended.png
2 February 2015 : TermsPolicies.pdf.exe - Current Virus total detections: 11/57*
This is another one of the spoofed icon files that unless you have “show known file extensions enabled“, will look like a proper PDF file instead of the .exe file it really is, so making it much more likely for you to accidentally open it and be infected..."
* https://www.virustotal.com/en/file/9...is/1422881129/
___
Fake 'Your Apple ID' - Phish ...
- http://myonlinesecurity.co.uk/apple-...kups-phishing/
2 Feb 2015 - "'Your Apple ID,was used to restore a device from one of your iCloud backups' pretending to come from Apple iTunes <orders@ tunes .co .uk> is one of the latest phish attempts to steal your Apple Account and your Bank, credit card and personal details. This one only wants your personal details, Apple log in details and your credit card and bank details. Many of them are also designed to specifically steal your email, facebook and other social network log in details as well... The original email looks like this It will NEVER be a genuine email from Apple or any other company so don’t ever click-the-link in the email. If you do it will lead you to a website that looks at first glance like the genuine Apple website but you can clearly see in the address bar, that it is -fake-. Some versions of this phish will ask you fill in the html (webpage) form that comes attached to the email. This one has a short url link ( https ://tr .im/JxUNR) in the email which -redirects- you... When you fill in your user name and password you get a page looking very similar to this one ( split into sections), where the phishers try to validate your details to make sure that you are entering “genuine ” information. They make sure that the bank account numbers have the correct number of digits and that the credit card numbers have the correct number of digits and format... All of these emails use Social engineering tricks to persuade you to open the attachments that come with the email..."
(Screenshots available at the myonlinesecurity URL at the top of this post.)
___
Facebook porn video trojan affects 110K users in 2 days
- http://www.theinquirer.net/inquirer/...rs-in-two-days
Feb 02 2015 - "A TROJAN that has spread itself by posting links to a pornographic video has affected over 110,000 Facebook users in just 48 hours. The malware spreads from the account of previously infected users of the social network, tagging around 20 of their friends. If someone opens the link contained in the post, they will get a preview of a porn video which eventually stops and asks for a fake Flash player to be downloaded which contains the malware. The malware was uncovered by a security researcher called Mohammad Reza Faghan, who posted information about it on security mailing list archive Seclists.org*... the Trojan is different from previous examples seen on Facebook, which sent messages on behalf of the victim to a number of the victim's friends. Upon infection of those friends, the malware could go one step further and infect the friends of the initial friends. In the new technique, however, the malware has more visibility to the potential victims as it tags the friends of the victim in the malicious post. The malware is thought to be able to hijack keyboard and mouse movements if executed successfully once landing on a victim's machine."
* http://seclists.org/fulldisclosure/2015/Jan/131
___
Fake Chrome update Spam drops CTB Locker/Critroni Ransomware
- https://blog.malwarebytes.org/social...ni-ransomware/
Feb 2, 2015 - "Beware of emails appearing to come from Google warning you that “Your version of Google Chrome is potentially vulnerable and out of date”. In this latest spam wave, cyber crooks are tricking users into downloading the well-known browser, except that it’s a dangerous Trojan that will encrypt your personal files and demand a hefty ransom to decrypt them back:
> https://blog.malwarebytes.org/wp-con...15/02/spam.png
The payload is not attached to the email but instead gets downloaded from various websites that appear to have been compromised... Running “ChromeSetup.exe” will not install Google Chrome. Instead the Windows wallpaper will change to this:
> https://blog.malwarebytes.org/wp-con...encrypted1.png
This is not just a fake warning. The files on the systems are -indeed- encrypted:
> https://blog.malwarebytes.org/wp-con...encrypted4.png
The bad guys demand a ransom that can be paid using Bitcoins:
> https://blog.malwarebytes.org/wp-con...encrypted8.png
... The problem with ransomware is that while the active Trojans can be removed, it is much more difficult and sometimes impossible to recover the encrypted files. The folks at BleepingComputer* have some tips on how to restore your encrypted files. However, as is often the case, prevention is critical to avoid a nasty ransomware infection..."
* http://www.bleepingcomputer.com/viru...rmation#shadow
- http://net-security.org/malware_news.php?id=2952
03.02.2015
> http://www.net-security.org/images/a...l-03022015.jpg
