
Thread: SPAM frauds, fakes, and other MALWARE deliveries - archive

  1. #691
    AplusWebMaster (Adviser Team)
    Join Date: Oct 2005 | Location: USA | Posts: 6,881

    FYI...

    Java 0-day added to Blackhole Exploit Kit
    - http://community.websense.com/blogs/...ploit-kit.aspx
    28 Aug 2012 - "... exploit code for the Java vulnerability has been added to the most prevalent exploit kit out there; Blackhole... The Pre.jar file (VirusTotal link*) will use the new vulnerability to install the malware (VirusTotal link**) itself. In this particular attack it was a banking trojan as can be seen from our ThreatScope report(1)... A technical analysis of these two vulnerabilities is available at the blog Immunity Products in this post(2)."
    * https://www.virustotal.com/file/65ac...f874/analysis/
    File name: Pre.jar
    Detection ratio: 17/42
    Analysis date: 2012-08-29 10:43:59 UTC
    ** https://www.virustotal.com/file/eee0...8137/analysis/
    File name: about.exe
    Detection ratio: 18/42
    Analysis date: 2012-08-29 04:32:07 UTC
    1) http://community.websense.com/cfs-fi...hreatscope.png
    2) http://immunityproducts.blogspot.com...2012-4681.html
    ___

    - http://h-online.com/-1677789
    29 August 2012 - "... Users who have a vulnerable version installed on their systems are advised to disable the browser plugin that provides Java support..."

    - https://krebsonsecurity.com/2012/08/...ged-two-flaws/
    August 29, 2012 - "... If you want to test whether you’ve successfully disabled Java, check out Rapid7's page, http://www.isjavaexploitable.com/ ."

    Last edited by AplusWebMaster; 2012-08-29 at 18:31.
    The machine has no brain.
    ......... Use your own.
    Browser check for updates here.
    YOU need to defend against -all- vulnerabilities.
    Hacks only need to find -1- to get in...
    .

  2. #692
    AplusWebMaster (Adviser Team)

    FYI...

    Fake QuickBooks update email ...
    - http://security.intuit.com/alert.php?a=54
    8/28/2012 - "People are receiving emails with one of the following titles: "Important QuickBooks Update," "QuickBooks Security Update," "Urgent: QuickBooks Update," and "QuickBooks Update: Urgent." There is a link in the email. DO NOT click on the link.
    Below is the text of the email people are receiving, including the errors in the email.

    'You will not be able to access your Intuit QuickBooks without updated Intuit Security Tool (IST) after 31th of August, 2012.
    You can update Intuit Security Tool here.
    After a successful download please run the setup for an automatic installation, then login to Intuit Quickbooks online to check that it is working properly.'


    This is the end of the -fake- email..."

    - http://blog.webroot.com/2012/08/29/c...erving-emails/
    August 29, 2012 - "... millions of emails impersonating Intuit Market, in an attempt to trick end and corporate users into clicking on the malicious links found in the emails. Upon clicking on them, users are exposed to the client-side exploits served by the Black Hole web malware exploitation kit..."


  3. #693
    AplusWebMaster (Adviser Team)

    Java 0-day exploit on 100+ sites serving malware

    FYI...

    Java v7u7 / v6u35 released
    - http://forums.spybot.info/showpost.p...42&postcount=6
    August 30, 2012
    ___

    - http://www.symantec.com/connect/blog...ttack-campaign
    Update August 30, 2012 - "... using a Java zero-day, hosted as a .jar file on websites, to infect victims... attackers have been using this zero-day for several days since August 22... resolves to 223.25.233.244. That same IP was used by the Nitro attackers back in 2011..."

    - http://blog.trendmicro.com/the-nitro...-java-zero-day
    Aug 30, 2012

    - http://nakedsecurity.sophos.com/2012...ted-tax-email/
    August 30, 2012
    - http://nakedsecurity.sophos.com/2012...ixes-for-java/
    August 30, 2012
    ___

    Java 0-day exploit on 100+ sites serving malware
    - https://www.computerworld.com/s/arti..._serve_malware
    August 29, 2012 - "... Websense... had found more than 100 unique domains serving the Java exploit. "The number is definitely growing...and because Blackhole has an updatable framework and already has a foothold on thousands of sites, we anticipate that the number of sites compromised with this new zero-day will escalate rapidly in the coming days"... Yesterday, Michael Coates, Mozilla's director of security assurance, urged Firefox users to disable the browser's Java plug-in because Oracle has not issued fixes... Mozilla has the ability to add extensions or plug-ins to the Firefox add-on blocklist if they cause significant security or performance issues. Firefox automatically queries the blocklist and notifies users before disabling the targeted add-ons..."
    ___

    - http://web.nvd.nist.gov/view/vuln/de...=CVE-2012-4681 - 10.0 (HIGH)
    Last revised: 08/31/2012 - "... as exploited in the wild in August 2012..."

    - http://h-online.com/-1677789
    29 August 2012 - "... Users who have a vulnerable version installed on their systems are advised to disable the browser plugin that provides Java support..."

    - https://krebsonsecurity.com/2012/08/...ged-two-flaws/
    August 29, 2012 - "... If you want to test whether you’ve successfully disabled Java, check out Rapid7's page, http://www.isjavaexploitable.com/ ."

    - http://www.darkreading.com/taxonomy/...e/id/240006469
    Aug 29, 2012

    Last edited by AplusWebMaster; 2012-09-01 at 03:28.

  4. #694
    AplusWebMaster (Adviser Team)

    Fake UPS, Paypal SPAM links to malware ...

    FYI...

    Fake UPS SPAM links to malware
    - http://blog.webroot.com/2012/08/31/c...serve-malware/
    August 31, 2012 - "Cybercriminals are currently mass mailing millions of emails impersonating the United Parcel Service (UPS) in an attempt to trick users into downloading and executing the malicious file hosted on a compromised web site...
    Sample screenshot of the spamvertised email:
    > https://webrootblog.files.wordpress....am_malware.png
    ... location of the malicious archive: buzzstar .co .uk/Label_Copy_UPS.zip
    The malware has a MD5: b702590c01f76f02e2d8d98833d1c95f * ...
    * https://www.virustotal.com/file/04d1...aefb/analysis/
    File name: file-4438621_exe
    Detection ratio: 20/25
    Analysis date: 2012-08-31 02:25:37 UTC

    Fake Paypal SPAM links to malware
    - http://blog.webroot.com/2012/08/30/c...serve-malware/
    August 30, 2012 - "Cybercriminals are currently spamvertising millions of emails impersonating PayPal, in an attempt to trick PayPal users into executing the malicious attachment found in the emails. Using ‘Notification of payment received‘ subjects, the campaign is relying on the end user’s gullibility in an attempt to infect them with malware. Once executed, it grants a malicious attacker complete control over the victim’s PC...
    Sample screenshot of the spamvertised email:
    > https://webrootblog.files.wordpress....on_malware.png
    ... The malware has a MD5: 9c2f2cabf00bde87de47405b80ef83c1 * ...
    * https://www.virustotal.com/file/1f5f...d67a/analysis/
    File name: smona_1f5f4cb69a892d0bc2e8d6bf17de2087517a7a336523b44536c9b7385c07d67a.bin
    Detection ratio: 37/42
    Analysis date: 2012-08-29 08:33:11 UTC

