Page 67 of 70
Results 661 to 670 of 694

Thread: SPAM frauds, fakes, and other MALWARE deliveries - archive

  1. #661
    AplusWebMaster (Adviser Team)
    Join Date: Oct 2005
    Location: USA
    Posts: 6,881

    Blended attacks in Q2 2012 ...

    FYI...

    Blended attacks in Q2 2012
    - http://www.commtouch.com/threat-report-july-2012/
    July 12, 2012 - "Commtouch’s quarterly Internet Threats Trend Report covers Web threats, phishing, malware, and spam. The July 2012 report describes how distributors of malware, spam and phishing attacks are relying more and more on compromised websites. This tactic is designed to outwit email security and Web security systems that consider a site’s reputation before blocking it. Legitimate websites with positive online reputations but with deficient plugins and known vulnerabilities were harvested en masse in the second quarter of 2012 to host redirects, malware, pharmacy sites and phony login pages. The hacked websites were combined with effective social engineering that exploited multiple well-known brands to draw in victims. Similar branding tricks were used to distribute malware via email attachments. The popular file synchronization and sharing site Dropbox was also used as a malware distribution point in an attack promising free movie tickets..."
    (More detail in slideshow at the URL above.)

    > http://images.slidesharecdn.com/comm...lide-5-728.jpg

    > http://images.slidesharecdn.com/comm...lide-7-728.jpg

    > http://images.slidesharecdn.com/comm...lide-8-728.jpg

    > http://images.slidesharecdn.com/comm...ide-27-728.jpg

    > http://images.slidesharecdn.com/comm...ide-28-728.jpg

    - http://www.commtouch.com/download/2336
    PDF

    - http://blog.commtouch.com/cafe/data-...ks-in-q2-2012/
    July 12, 2012 - Infographic
    ___

    2012 June Symantec Intelligence Report - slideshow:
    - http://www.slideshare.net/symantec/2...ligence-report
    Jul 06, 2012

    Last edited by AplusWebMaster; 2012-07-13 at 23:10.
    The machine has no brain.
    ......... Use your own.
    Browser check for updates here.
    YOU need to defend against -all- vulnerabilities.
    Hacks only need to find -1- to get in...
    .

  2. #662
    AplusWebMaster

    Fake UPS emails - client-side exploits and malware

    FYI...

    Fake UPS emails - client-side exploits and malware ...
    - http://blog.webroot.com/2012/07/18/c...spam-campaign/
    July 18, 2012 - "... cybercriminals systematically abuse popular brands and online services. Next to periodically rotating the brands, they also produce professional looking email templates, in an attempt to successfully brand-jack these companies, and trick their customers into interacting with the malicious emails... currently spamvertised client-side exploits and malware serving campaign impersonating UPS (United Parcel Service). Once users click on the links found in the malicious email, they’re automatically redirected to a Black Hole exploit kit landing page serving client-side exploits, and ultimately dropping malware on the exploited hosts... Upon successful client-side exploitation, the campaign drops MD5: 4462c5b3556c5cab5d90955b3faa19a8 on the exploited hosts. Detection rate: the sample is detected by 29 out of 41 antivirus scanners** as Trojan.Injector.AFR; Worm.Win32.Cridex.fb... This is the -third- UPS-themed malware serving campaign that we’ve intercepted over the past two months. Next to the malware serving campaigns impersonating DHL, we expect that we’re going to see more malicious activity abusing these highly popular courier service brands. UPS has acknowledged this threat and offered its perspective here*..."
    * http://www.ups.com/content/us/en/res...+Name+or+Brand

    ** https://www.virustotal.com/file/dd52...b6b5/analysis/
    File name: 20120710_221334_4462C5B3556C5CAB5D90955B3FAA19A8_CAE93.VIR
    Detection ratio: 29/41
    Analysis date: 2012-07-14
    ___

    - http://tools.cisco.com/security/cent...utbreak.x?i=77
    Fake SpamCop E-mail Account Alert Notification E-mail Messages - New July 19, 2012
    Fake FedEx Shipment Notification E-mail Messages- Updated July 19, 2012
    Fake Hotel Reservation Confirmation Details E-mail Messages- Updated July 19, 2012
    Fake Product Order Notification E-mail Messages - New July 19, 2012
    Fake Contract Notification E-mail Messages - Updated July 19, 2012
    Fake DHL Express Tracking Notification E-mail Messages - Updated July 19, 2012
    Fake USPS Package Delivery Notification E-mail Messages- Updated July 19, 2012
    Fake Airline Ticket Confirmation Attachment E-mail Messages - Updated July 19, 2012 ...

    Last edited by AplusWebMaster; 2012-07-19 at 21:47.

  3. #663
    AplusWebMaster

    Fake Facebook email leads to malware

    FYI...

    Fake Facebook email leads to malware ...
    - http://nakedsecurity.sophos.com/2012...-notification/
    July 17, 2012 - "Be wary of emails claiming to be from Facebook, and saying that you have been tagged in a photograph. Because it might be that you're the next potential victim of a malware attack. SophosLabs has intercepted a spammed-out email campaign, designed to infect recipients' computers with malware...
    > https://sophosnews.files.wordpress.c...ware-email.jpg
    ... (Did you notice what was odd about the email? The 'from' address misspells Facebook as "Faceboook" with three "o"s) If you click on the link in the email, you are -not- taken immediately to the real Facebook website. Instead, your browser is taken to a website hosting some malicious iFrame script (which takes advantage of the Blackhole exploit kit)..."
    ___

    The Rise of the “Blackhole” Exploit Kit:
    The Importance of Keeping All Software Up To Date
    - https://blogs.technet.com/b/security...edirected=true
    19 Jul 2012

    Top 10 locations with the most detections of Blacole - second half 2011 (2H11)
    > https://blogs.technet.com/cfs-filesy...-43/5127.5.jpg

    Last edited by AplusWebMaster; 2012-07-21 at 03:38.
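
A defender-side check for the two sender tricks described in the posts above: the look-alike From domain in the Sophos write-up ("Faceboook" with three "o"s) and the brand-jacking of courier and payment brands in the Webroot write-up in #662. This is an added example, not code from the page, Sophos or Webroot. The brand list is taken from the campaigns quoted in this thread; the allowlisted sender domains are assumed placeholders that an analyst would replace with each brand's published mail sources, and the edit-distance thresholds are heuristics.

```python
import re
from email.utils import parseaddr

# Brands impersonated in the campaigns quoted above. The allowlisted sender
# domains are illustrative placeholders (assumed, not verified brand
# infrastructure); fill them in from the brand's published mail sources.
PROTECTED_BRANDS = {
    "facebook": {"facebook.com"},
    "ups": {"ups.com"},
    "usps": {"usps.com"},
    "dhl": {"dhl.com"},
    "fedex": {"fedex.com"},
    "intuit": {"intuit.com"},
    "booking": {"booking.com"},
}


def levenshtein(a, b):
    """Edit distance; catches doubled or dropped letters such as 'faceboook'."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1,                  # deletion
                           cur[j - 1] + 1,               # insertion
                           prev[j - 1] + (ca != cb)))    # substitution
        prev = cur
    return prev[-1]


def sender_parts(from_header):
    """Split a From: header into display name and lowercased sender domain."""
    name, addr = parseaddr(from_header)
    if "@" not in addr:
        return name, ""
    return name, addr.rsplit("@", 1)[1].lower()


def classify_sender(from_header):
    """Return (verdict, brand) for a From: header.

    verdicts: legitimate, lookalike_domain, display_name_spoof, unknown, unparseable
    """
    name, domain = sender_parts(from_header)
    if not domain:
        return ("unparseable", None)
    for brand, legit in PROTECTED_BRANDS.items():
        if domain in legit:
            return ("legitimate", brand)
    labels = domain.split(".")[:-1]          # ignore the TLD
    for brand in PROTECTED_BRANDS:
        allow_fuzzy = len(brand) >= 5         # short names ('ups') give too many near-misses
        max_dist = 2 if len(brand) >= 7 else 1
        for label in labels:
            # brand used as a hyphen/digit-delimited token: 'intuit-paymentnetwork'
            if brand in re.split(r"[-_0-9]+", label):
                return ("lookalike_domain", brand)
            # typo-squat of the brand name: 'faceboook', 'fedexx'
            if allow_fuzzy and 0 < levenshtein(label, brand) <= max_dist:
                return ("lookalike_domain", brand)
    # Display name claims a brand but the domain is not one of its senders.
    name_tokens = re.findall(r"[a-z]+", name.lower())
    for brand in PROTECTED_BRANDS:
        if brand in name_tokens:
            return ("display_name_spoof", brand)
    return ("unknown", None)


if __name__ == "__main__":
    # Constructed headers, not taken from any real message.
    for hdr in ("Facebook <notification@faceboook.com>",
                "Intuit PaymentNetwork <billing@intuit-paymentnetwork.net>",
                "UPS Delivery <noreply@mailer.example>",
                "UPS Quantum View <auto-notify@ups.com>"):
        print(classify_sender(hdr), "<-", hdr)
```

Run it as a mail-gateway or SIEM enrichment on the From: header; a `lookalike_domain` or `display_name_spoof` verdict on a message that also carries a link or archive attachment is the pattern every campaign in this page shares.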

  4. #664
    AplusWebMaster

    Olympic malware on the Web ...

    FYI...

    Olympic malware on the Web ...
    - http://community.websense.com/blogs/...pic-games.aspx
    20 Jul 2012 - "... Websense... researchers are already seeing data-stealing malware that aims to capitalize on the Games. Malware piggybacks on the buzz surrounding current, high profile events like the Olympics in order to steal personal data. Olympics-themed content armed with malware is introduced mainly through social engineering-based attacks. The cyber criminals behind the themed attacks know that they have a better chance of enticing potential victims by appearing current and relevant to a hot topic. That gets clicks, and the chance to spread their data-stealing creations... the Polish Computing Emerging Response Team (CERT)... analyzed an interesting sample of data-stealing malware*. This malware, once executed, has the ability to interact with social channels like Facebook, Skype, and Microsoft Live Messenger. This particular variant spreads malicious URLs through those channels and the victim's contact list... it employs a socially engineered attack accompanied by a malicious URL that ultimately leads to a malware file that is part of a bot network... analysis is based on a sample (MD5: 3E50B76C0066C314D224F4FD4CBF14D5 ) of the same malware family reported by the CERT.PL advisory. It is also detected as Pushbot, which is known to be a data-stealing malware variant... the malware looks in memory for these processes: opera.exe, firefox.exe, iexplore.exe, skype.exe, and msnmsgr.exe. When it uses a web browser, the malware changes the starting page to redirect user HTTP sessions to malicious websites. In the case of Skype or Microsoft Live Messenger, the malicious process is able to forge HTTP requests with malicious payloads to users in the victim's contacts list. We have also detected a Facebook URL forger used to build proper HTTP requests and send them to the Facebook server. In this way, if there is an active Facebook session, the malware can send malicious messages to the victim's Facebook friends list... 
    The IP addresses so far are: 46.220.203.212, 89.63.178.149, and 39.54.215.205... The URL hxxp ://lokralbumsgens. com/pictures.php?pic=google is still active, and the domain was registered 20 days ago..."
    * http://www.cert.pl/news/5587/langswitch_lang/en


  5. #665
    AplusWebMaster

    Fake Intuit emails lead to BlackHole exploit kit

    FYI...

    Fake Intuit emails lead to BlackHole exploit kit
    - http://blog.webroot.com/2012/07/20/s...e-exploit-kit/
    July 20, 2012 - "Cybercriminals are currently spamvertising millions of emails impersonating Intuit, in an attempt to trick end and corporate users into clicking on the malicious links found in the emails. The emails pretend to be coming from Intuit’s PaymentNetwork and acknowledge the arrival of an incoming payment. In reality though, they -redirect- users to Black Hole exploit kit landing URLs where client-side exploits are served, and ultimately malware is dropped on the infected hosts.
    Screenshot of the spamvertised Intuit themed malicious email:
    > https://webrootblog.files.wordpress....ng?w=592&h=175
    ... Upon clicking on the links found in the email, users are exposed to the following -bogus- “Page loading…” page:
    > https://webrootblog.files.wordpress....malware_01.png
    - Spamvertised URLs: hxxp ://sklep.kosmetyki-nel .pl/intpmt.html; hxxp ://kuzeybebe .com/o3whbp0G/index.html; hxxp ://senzor .rs/prolintu.html
    - Client-side exploits serving URLs: hxxp ://69.194.194.238/view.php?s=2acc7093df3a2945;
    hxxp ://proamd-inc .com/main.php?page=8cb1f95c85bce71b;
    hxxp ://thaidescribed .com/main.php?page=8cb1f95c85bce71b
    - Client-side exploits served:
    http://web.nvd.nist.gov/view/vuln/de...=CVE-2010-1885 - 9.3 (HIGH)
    ... Upon successful client-side exploitation, the campaign drops MD5: 4462c5b3556c5cab5d90955b3faa19a8* on the exploited hosts.
    * https://www.virustotal.com/file/dd52...b6b5/analysis/
    SHA256: dd529f7529692c2ebfe9da9eb7a83a7ac9d672782d93c6a82400aa3845cfb6b5
    File name: file
    Detection ratio: 33/42
    Analysis date: 2012-07-20 10:47:57 UTC
    ... Worm.Win32.Cridex.fb; Worm:Win32/Cridex.B. Upon execution, the sample phones back to renderingoptimization .info – 87.255.51.229, Email: pauletta_carbonneau2120 @quiklinks .com on port 443. Here is information on Intuit’s Online Security Center about this threat:
    > http://security.intuit.com/alert.php?a=49 ..."
    ___

    The Rise of the “Blackhole” Exploit Kit:
    ... The Importance of Keeping All Software Up To Date
    - https://blogs.technet.com/b/security...edirected=true
    19 Jul 2012


  6. #666
    AplusWebMaster

    Malware targets Facebook users with Children’s Charity SCAM

    FYI...

    Malware targets Facebook users with Children’s Charity SCAM
    - https://www.trusteer.com/blog/malwar...s-charity-scam
    July 24, 2012 - "We recently discovered a configuration of the Citadel malware that targets Facebook users with a fake request for donations to children’s charities in order to steal credit card data. After users have logged into their Facebook account, the Citadel injection mechanism displays a pop up that encourages the victim to donate $1 to children who “desperately” need humanitarian aid. Then, it asks users to fill in their credit card details. The malware is configured to deliver the attack based on the user's country/language settings, with web-injection pages in five different languages: English, Italian, Spanish, German and Dutch. In an interesting twist, the criminals do not reuse the same text for every language. Instead, they have customized each attack based on the victim’s country and/or region... This attack illustrates the continuing customization of financial malware and harvesting of credit card data from the global base of Facebook users. Using children’s charities as a scam makes this attack believable and effective. Meanwhile, the one dollar donation amount is low enough that virtually anyone can contribute if they choose. This is a well-designed method for stealing credit and debit card data on a massive scale."
    (More detail at the URL above.)


  7. #667
    AplusWebMaster

    Malware served using bogus ‘Hotel Reservation Confirmation’ emails

    FYI...

    Malware served using bogus ‘Hotel Reservation Confirmation’ emails...
    - http://blog.webroot.com/2012/07/23/c...themed-emails/
    July 23, 2012 - "... Cybercriminals are currently spamvertising millions of emails impersonating Booking.com, in an attempt to trick end and corporate users into downloading and executing the malicious archive attached to the emails...
    Screenshot of a sample spamvertised email:
    > https://webrootblog.files.wordpress....am_malware.png
    ... The malicious Hotel-Reservation-Confirmation_from_Booking.exe (MD5: 7b60d5b4af4b1612cd2be56cfc4c1b92 ) executable is detected... as Backdoor.Win32.Androm.cp; Mal/Katusha-F ..."
    * https://www.virustotal.com/file/c57f...be80/analysis/
    SHA256: c57f3f74ccc38913e094480aa09593d3f28f73c48d621fe5136d4bb9f249be80
    File name: file
    Detection ratio: 34/41
    Analysis date: 2012-07-24
    ___

    Threat Outbreak Alerts
    - http://tools.cisco.com/security/cent...utbreak.x?i=77
    Fake Airline Ticket Confirmation Attachment E-mail Message - Updated July 24, 2012
    Fake FedEx Shipment Notification E-mail Messages - Updated July 24, 2012
    Fake Product Details Attachment E-mail Messages - New July 24, 2012 ...

    Last edited by AplusWebMaster; 2012-07-24 at 19:28.

  8. #668
    AplusWebMaster

    Malware-laced traffic ticket SPAM coming to an Inbox near you...

    FYI...

    Malware-laced traffic ticket SPAM coming to an Inbox near you
    - http://blog.webroot.com/2012/07/25/c...themed-emails/
    July 25, 2012 - "Not fearing prosecution, cybercriminals regularly impersonate law enforcement online in an attempt to socially engineer end users and corporate users into interacting with their malicious campaigns. From 419 scams, police ransomware, to law enforcement themed malware-serving email campaigns, cybercriminals continue abusing the international branches of various law enforcement agencies... a currently spamvertised malware-serving campaign, indicating that the user has “violated red light traffic signal” and that he should download the -fake- camera recording of his vehicle attached to the email...
    Screenshot of the spamvertised email:
    > https://webrootblog.files.wordpress....am_malware.png
    ... The attached malware*... is detected... as Trojan:W32/Agent.DTYU; Backdoor.Win32.Androm.dc..."
    * https://www.virustotal.com/file/bca3...f549/analysis/
    File name: file
    Detection ratio: 34/41
    Analysis date: 2012-07-25

    - http://www.hyphenet.com/blog/2012/07...nbox-near-you/
    25 July 2012
    ___

    ‘Download your USPS Label’ emails serve malware
    - http://blog.webroot.com/2012/07/26/s...serve-malware/
    July 26, 2012

    Last edited by AplusWebMaster; 2012-07-26 at 23:20.

  9. #669
    AplusWebMaster

    Twitter targeted to spread exploits/malware serving tweets

    FYI...

    Twitter targeted to spread exploits/malware serving tweets
    - http://blog.webroot.com/2012/07/27/c...erving-tweets/
    July 27, 2012 - "Over the past several days, cybercriminals have been persistently spamvertising thousands of exploits and malware serving links across the most popular micro blogging service. Upon clicking on the [links], users are exposed to the exploits served by the Black Hole web malware exploitation kit...
    Screenshot of a sample automatically registered account spamvertising malicious links to thousands of Twitter users:
    > https://webrootblog.files.wordpress....xploit_kit.png
    ... an automatically generated subdomain is spamvertised with an .html link consisting of the name of the prospective victim. The cybercriminals behind the campaign are harvesting Twitter user names, then automatically generating the username.html files. For the time being, they’re only relying on two static propagation messages, namely, “It’s about уou?” and “It’s уou оn photo?“... the redirection also takes place through the following domains
    hxxp ://traffichouse .ru/?2 – 176.57.209.69
    hxxp ://traffichouse .ru/?5 – 176.57.209.69
    Responding to the same 176.57.209.69 IP are also the following domains:
    forex-shop .com
    abolyn.twmail .info
    pclive .ru
    ecoinstrument .ru
    Client-side exploits serving domain: hxxp ://oomatsu.veta .su/main.php?page=afaf1d234c788e63
    Upon successful client-side exploitation, the campaign drops MD5: 5d1e7ea86bee432ec1e5b3ad9ac43cfa* on the affected hosts. Upon execution, the sample phones back to the following URLs, where it downloads additional malware on the affected hosts:
    hxxp ://112.121.178.189 /api/urls/?ts=1f737428&affid=35000
    hxxp ://thanosactpetitioned .cu.cc/f/notepad.exe?ts=1f737428&affid=35000 ..."
    * https://www.virustotal.com/file/139d...85b5/analysis/
    File name: 5d1e7ea86bee432ec1e5b3ad9ac43cfa.exe
    Detection ratio: 16/41
    Analysis date: 2012-07-27 19:21:48 UTC

    - http://nakedsecurity.sophos.com/2012...hoto-disguise/
    July 27, 2012
    Sample-look-alikes...
    > https://sophosnews.files.wordpress.c...eets.jpg?w=640
    > https://sophosnews.files.wordpress.c...you1.jpg?w=640

    Blackhole malware attack spreading on Twitter ...
    - http://atlas.arbor.net/briefs/
    Severity: Elevated Severity
    July 27, 2012
    Another attack by the BlackHole exploit kit reminds us that patching is most important.
    Analysis: If a user clicks on these links posted to various twitter feeds, they will be redirected to a Black Hole exploit kit website that will attempt to exploit vulnerabilities on their system that can be reached through the web browser. Unpatched Java is one of the most popular attack methods these days, however a batch of other issues in technologies such as Adobe Reader, Flash and various browsers are also part of the attack strategy. Robust patching for home and enterprise users will greatly reduce the pain of such exploit kits that are based on "drive-by" exploits. The enticement tactic is always going to change, but the intent is the same - to trick the user into clicking on something and getting infected.
    Source: Outbreak: http://nakedsecurity.sophos.com/2012...hoto-disguise/
    ___

    > http://status.twitter.com/

    > http://blog.twitter.com/

    Last edited by AplusWebMaster; 2012-07-31 at 22:00.
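
The indicator lists in these posts are defanged in the thread's usual style ("hxxp ://", a space before the TLD, a space before the path of a bare IP). Below is an added example, not code from the page or from Webroot, that refangs the indicator text from the #669 write-up above, extracts the hosts and IPs, and matches them against proxy log lines. The log lines, their format ("timestamp client method url status"), the internal client addresses and the `cdn.forex-shop.com` subdomain are constructed for the example; only the indicators themselves come from the post.

```python
import re
from ipaddress import ip_address
from urllib.parse import urlsplit

# Defanged indicator text as it appears in the post above; the "hxxp ://",
# "name .tld" and "ip /path" conventions are what refang() undoes.
POST_TEXT = """\
hxxp ://traffichouse .ru/?2 – 176.57.209.69
hxxp ://traffichouse .ru/?5 – 176.57.209.69
Responding to the same 176.57.209.69 IP are also the following domains:
forex-shop .com
abolyn.twmail .info
pclive .ru
ecoinstrument .ru
Client-side exploits serving domain: hxxp ://oomatsu.veta .su/main.php?page=afaf1d234c788e63
hxxp ://112.121.178.189 /api/urls/?ts=1f737428&affid=35000
hxxp ://thanosactpetitioned .cu.cc/f/notepad.exe?ts=1f737428&affid=35000
"""

# Constructed proxy log lines (not from the page): "timestamp client method url status".
PROXY_LOG = """\
2012-07-27T19:22:01Z 10.0.0.15 GET http://traffichouse.ru/?2 302
2012-07-27T19:22:02Z 10.0.0.15 GET http://oomatsu.veta.su/main.php?page=afaf1d234c788e63 200
2012-07-27T19:25:40Z 10.0.0.22 GET http://www.example.com/index.html 200
2012-07-27T19:26:10Z 10.0.0.15 GET http://112.121.178.189/api/urls/?ts=1f737428&affid=35000 200
2012-07-27T19:30:00Z 10.0.0.31 GET https://cdn.forex-shop.com/a.js 200
"""

# File extensions that look like a TLD to a naive hostname regex.
NOT_HOST_SUFFIXES = {"exe", "php", "html", "htm", "dll", "js", "jpg", "png", "zip"}


def refang(text):
    """Reverse the defanging styles used in the post: 'hxxp ://', 'name .tld', 'ip /path'."""
    text = re.sub(r"\bhxxp(s?)\s*://", r"http\1://", text, flags=re.I)
    text = re.sub(r"(?<=[\w-])\s+\.(?=[a-z])", ".", text, flags=re.I)
    text = re.sub(r"(?<=\d)\s+/(?=\w)", "/", text)
    return text


def _is_ip(s):
    try:
        ip_address(s)
        return True
    except ValueError:
        return False


def extract_indicators(defanged_text):
    """Return {'hosts': set, 'ips': set} of public network indicators found in the text."""
    text = refang(defanged_text)
    hosts, ips = set(), set()
    candidates = re.findall(r"https?://([^\s/?#]+)", text, flags=re.I)          # URL hosts
    candidates += re.findall(r"(?<![\w./-])((?:[a-z0-9-]+\.)+[a-z]{2,})(?![\w-])",
                             text, flags=re.I)                                    # bare domains
    candidates += re.findall(r"\b(?:\d{1,3}\.){3}\d{1,3}\b", text)               # bare IPv4
    for c in candidates:
        c = c.lower().rstrip(".")
        if _is_ip(c):
            if not ip_address(c).is_private:
                ips.add(c)
        elif c.rsplit(".", 1)[-1] not in NOT_HOST_SUFFIXES:
            hosts.add(c)
    return {"hosts": hosts, "ips": ips}


def match_proxy_log(log_text, indicators):
    """Return (client, host, url) for each line whose host is a listed IP, domain or subdomain."""
    hits = []
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) < 4:
            continue
        client, url = parts[1], parts[3]
        host = (urlsplit(url).hostname or "").lower()
        if (host in indicators["ips"] or host in indicators["hosts"]
                or any(host.endswith("." + h) for h in indicators["hosts"])):
            hits.append((client, host, url))
    return hits


def defang(s):
    """Neutralise a URL or host again before it goes into a ticket or report."""
    return re.sub(r"^http", "hxxp", s.replace(".", "[.]"), flags=re.I)


if __name__ == "__main__":
    ind = extract_indicators(POST_TEXT)
    for client, host, url in match_proxy_log(PROXY_LOG, ind):
        print(client, "->", defang(url))
```

The subdomain match (`cdn.forex-shop.com` against `forex-shop.com`) matters because the post lists registered domains, while the redirect chain it describes uses automatically generated subdomains; matching on the registered name catches both. The `defang()` step is there so the hits can be pasted into a ticket without producing live links.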

  10. #670
    AplusWebMaster

    More Olympic malware...

    FYI...

    More Olympic malware ...

    Relay Race To Ruin: Cybercrime in the Olympics
    - http://blog.trendmicro.com/relay-rac...-the-olympics/
    Illegal TV Cards Allowing Free Olympic Viewing Sold Online
    - http://blog.trendmicro.com/illegal-t...g-sold-online/
    Bogus London Olympics 2012 Ticket Site Spotted
    - http://blog.trendmicro.com/bogus-lon...-site-spotted/
    Countdown to the Olympics: Are You Safe?
    - http://blog.trendmicro.com/countdown...-are-you-safe/
    Spammed Messages* Attempt to Cash In on London 2012 Olympics
    - http://blog.trendmicro.com/spammed-m...2012-olympics/

    * http://blog.trendmicro.com/wp-conten...ics_2012_1.jpg

    * http://blog.trendmicro.com/wp-conten...ics_2012_2.jpg

    * http://blog.trendmicro.com/wp-conten...ics_2012_3.jpg

    More Olympics-related threats - Blackhat Search Engine Optimization (BHSEO)
    > http://blog.trendmicro.com/more-lond...lated-threats/
    July 29, 2012

    - http://research.zscaler.com/2012/07/...rom-scams.html
    July 28, 2012
    ___

    > http://tools.cisco.com/security/cent...utbreak.x?i=77
    Fake Roxy Palace Casino Promotional Code Notification E-mail Messages - Updated July 30, 2012
    Fake UPS Payment Document Attachment E-mail Messages - Updated July 30, 2012
    Fake Financial Transaction Scanned Document - New July 30, 2012
    Fake Bank Transfer Receipt E-mail Messages - New July 30, 2012
    Fake Picture Link E-mail Messages - Updated July 30, 2012
    Fake Coupon Offer E-mail Messages - Updated July 30, 2012
    Fake German E-mail Billing Requests - New July 30, 2012
    Fake Blocked Credit Card Notification E-mail Messages - Updated July 30, 2012
    Malicious Personal Pictures Attachment E-mail Messages - Updated July 30, 2012 ...

    Last edited by AplusWebMaster; 2012-07-31 at 15:57.
