Thread: SPAM frauds, fakes, and other MALWARE deliveries - archive

  1. #221
    Adviser Team AplusWebMaster's Avatar
    Join Date
    Oct 2005
    Location
    USA
    Posts
    6,881

    Online stock trading risky

    FYI...

    Online stock trading is risky
    - http://www.f-secure.com/weblog/archives/00001909.html
    March 17, 2010 - "Buying and selling stock online is big business. It also carries its own risks. And we don't mean the risk of doing bad investments; we mean losing access to your trading account because your computer got infected by a keylogger. Take a case of Mr. Valery Maltsev from St. Petersburg. Maltsev runs an investment company called Broco Investments... Unfortunately (to him), Maltsev was yesterday charged by US Securities & Exchange Commission. They claim that Maltsev's extraordinary gains in thinly traded NASDAQ and NYSE stocks were not a co-incidence. Apparently Maltsev used malware with keyloggers to gain access to other people's online trading accounts. With such accounts, he could buy stocks at inflated prices, and use his real account to sell the same stock, for instant gains. Quoting from the SEC Complaint:
    On December 21, 2009, at 13:37, BroCo bought shares of Ameriserv Financial, Inc (ASRV) at a price of $1.51 per share. Approximately one minute later, three accounts at Scottrade were illegally accessed and used to purchase shares of ASRV at prices ranging from $1.545 to $1.828 per share. While this was happening, BroCo sold shares of ASRV at prices ranging from $1.70 to $1.80 per share, finishing at 13:52. By trading shares of ASRV within minutes of unauthorized trading through the compromised accounts, Maltsev and BroCo grossed $141,500 in approximately fifteen minutes, realizing a net profit of $17,760 ..."

    - http://www.theregister.co.uk/2010/03..._dump_hacking/
    16 March 2010 - "... The scheme earned at least $255,532 from August to December at a cost of $603,000 to broker-dealers, which had to reimburse customers... The lawsuit seeks an order freezing the Genesis accounts and requiring Maltsev to repay the lost funds..."

    The machine has no brain.
    ......... Use your own.
    Browser check for updates here.
    YOU need to defend against -all- vulnerabilities.
    Hacks only need to find -1- to get in...
    .

  2. #222
    Adviser Team AplusWebMaster's Avatar

    Battery recharger software trojan - more...

    FYI...

    Battery recharger software trojan - more...
    - http://www.theregister.co.uk/2010/03...rojan_returns/
    18 March 2010 - "... the file that spreads the infection was -still- being distributed Wednesday evening on a European site operated by the consumer-products company. According to this VirusTotal analysis*, UsbCharger_setup_V1_1_1.exe is flagged as malicious by 24 of the 42 leading anti-virus firms. To make sure it wasn't a false positive, The Register checked with anti-virus firms Immunet and Trend Micro, both of which said the infection is real. Contrary to the VirusTotal results, the threat is also flagged by Symantec's Norton AV app, Immunet added. Trend Micro Senior Threat Researcher Paul Ferguson said his company's AV product also protects against it by flagging a key dll file, rather than the executable file. Microsoft labels the trojan as Arurizer.A and warns that it installs a backdoor on user machines that allows attackers to upload, download, and delete files at will, install additional malware and carry out other nefarious deeds. Twelve days ago, Energizer pledged to mount an investigation into how such a gaffe could have happened. The company has yet to release the results of that probe... Sometimes, the low-tech - or no-tech - solution is the way to go."
    * http://www.virustotal.com/analisis/7...1d7-1268871703
    File UsbCharger_setup_V1_1_1.exe received on 2010.03.18 00:21:43 (UTC)
    Result: 24/42 (57.14%)


  3. #223
    Adviser Team AplusWebMaster's Avatar

    Zeus trojan - SPAM warning

    FYI...

    Zeus trojan campaign Warning - SPAM
    - http://www.us-cert.gov/current/#us_c...s_against_zeus
    March 17, 2010 - "US-CERT is aware of public reports of malicious code circulating via spam email messages impersonating the Department of Homeland Security (DHS). The attacks arrive via unsolicited email messages that may contain subject lines related to DHS or other government activity. These messages may contain a link or attachment. If users click on this link or open the attachment, they may be infected with malicious code, including the Zeus Trojan..."


  4. #224
    Adviser Team AplusWebMaster's Avatar

    ‘Bad’ ISPs - Naming and Shaming...

    FYI...

    Naming and Shaming ‘Bad’ ISPs
    - http://www.krebsonsecurity.com/2010/...ming-bad-isps/
    March 19, 2010 - "Roughly two years ago, I began an investigation that sought to chart the baddest places on the Internet, the red light districts of the Web, if you will. What I found in the process was that many security experts, companies and private researchers also were gathering this intelligence, but that few were publishing it... Fast-forward to today, and we can see that there are a large number of organizations publishing data on the Internet’s top trouble spots... Brett Stone-Gross, a PhD candidate in UCSB’s Department of Computer Science, said he and two fellow researchers there sought to locate ISPs that exhibited a consistently bad reputation... “The networks you find in the FIRE rankings* are those that show persistent and long-lived malicious behavior,” Stone-Gross said... For instance, if you click this link** you will see the reputation history for ThePlanet.com..."

    Top 20 Malicious Autonomous Systems...
    * http://maliciousnetworks.org/index.php

    ** http://maliciousnetworks.org/chart.php?as=AS21844

    - http://maliciousnetworks.org/chart.php?as=AS15169

    Last edited by AplusWebMaster; 2010-03-19 at 13:51.

  5. #225
    Adviser Team AplusWebMaster's Avatar

    FYI...

    Twitter phishing attack...
    - http://www.f-secure.com/weblog/archives/00001911.html
    March 21, 2010 - "Today there's a phishing run underway in Twitter, using Direct Messages ("DMs"). These are private one-to-one Tweets inside Twitter... If you mistakenly give out your credentials, the attackers will start sending similar Direct Messages to your contacts, posing as you. The ultimate goal of the attackers is to gain access to a large amount of valid Twitter accounts, then use these accounts to post Tweets with URLs pointing to malicious websites which will take over users' computers when clicked... The good news is that Twitter is already filtering these from being posted, although it's unclear if they are also removing already-delivered DMs. Also, the Twitter built-in link shorteners (twt.tl and bit.ly) already detect the URLs as malicious."

    (Screenshots available at the URL above.)

    Last edited by AplusWebMaster; 2010-03-22 at 02:43.

  6. #226
    Adviser Team AplusWebMaster's Avatar

    Malicious medical ads flood Inboxes...

    FYI...

    Malicious medical ads flood users’ Inboxes
    - http://blog.trendmicro.com/malicious...80%99-inboxes/
    Mar. 21, 2010 - "TrendLabs observed an increase in malicious medical advertisements spammed to users’ e-mail inboxes. Two of the samples our engineers obtained looked legitimate, even had professional-looking graphics... Another was just the normal, everyday, plain-text spam... The spammed messages enticed recipients to purchase the medicines the scammers were selling. These lured recipients with supposed huge discounts, ranging from 70–80% off of all products. The messages also sported links that when clicked redirected users to a spoofed online store that sold male organ-enhancing pills. More recently, a spam run that uses a new feature was discovered. Instead of asking recipients to click an embedded link or an image, it asked them to open the .JPG file attachment—an image of Viagra and Cialis—along with the line, “DO NOT CLICK, JUST ENTER (a particular URL) IN YOUR BROWSER.” The spammed messages also contained a series of salad words to avoid being filtered..."

    (Screenshots available at the URL above.)


  7. #227
    Adviser Team AplusWebMaster's Avatar

    Facebook "Dislike button" likes Hotbar

    FYI...

    Facebook "Dislike button" likes Hotbar
    - http://sunbeltblog.blogspot.com/2010...es-hotbar.html
    March 23, 2010 - "... It seems the tactic of offering up Firefox (but giving you something else entirely) is going to be around for a little while. Below is a site promoting a Firefox .xpi called “The Dislike Button”, designed to let you add an “I dislike this” note to Facebook posts... The domain is dislikes(dot)info. Note the “Get Firefox” button at the top... you’re given the option of downloading a setup file from Hotbar…not exactly the Firefox download you were expecting. Should the end-user install it thinking this will give them Firefox, they’re very much mistaken... What they actually get is the option to download Hotbar (and no Firefox), complete with a preticked ShopperReports checkbox... Additionally, there’s a text link further down the page asking you to “Get Firefox now” which also directs you to the Hotbar install... I think... I dislike this."

    (Screenshots available at the URL above.)


  8. #228
    Adviser Team AplusWebMaster's Avatar

    Skype toolbar Outlook SCAM

    FYI...

    Skype toolbar for Outlook SCAM
    - http://securitylabs.websense.com/con...erts/3586.aspx
    03.23.2010 - "Websense... has discovered a new wave of email attacks targeting the Skype Email Toolbar. Up to now, the amount of spam is not large, but we believe it will increase. The spam email message contains a file attachment named SkypeToolbarForOutlook.zip, which could easily deceive users but is in fact a backdoor trojan that has a very low AV detection*. The spam email copies the look and feel of the legitimate application from Skype..."
    * http://www.virustotal.com/analisis/9...751-1269327702
    File SkypeToolbarForOutlook.exe received on 2010.03.23 07:01:42 (UTC)
    Result: 6/42 (14.29%)
    (Screenshots available at the Websense URL above.)

    Skype SPIM (Instant Messaging SPAM)
    - http://www.m86security.com/labs/i/Sk...race.1289~.asp
    March 26, 2010 - "With over 520 million users, Skype is the most popular VoIP (Voice over IP) application available today. It provides a great service, allowing families, friends and colleagues to connect to one another through voice and video chat across the globe. However, being so popular doesn’t come without a price. The price that is paid is in the form of Skype SPIM (Instant Message Spam). These messages are pushed out to a large percentage of Skype users on a regular basis. The SPIM messages can range from the common pharmaceutical product spam, to fake OEM software, investment scams, replica bags and watches, and adult dating site spam..."
    (More detail and screenshots at the URL above.)

    Last edited by AplusWebMaster; 2010-03-27 at 12:38.

  9. #229
    Adviser Team AplusWebMaster's Avatar

    ZBOT variants targeting European Banks

    FYI...

    ZBOT variants targeting European Banks
    - http://blog.trendmicro.com/new-zbot-...uropean-banks/
    March 23, 2010 - "... new ZBOT variant mainly targeting four European countries’ banking systems in Italy, England, Germany, and France. Trend Micro detects this variant as TROJ_ZBOT.BYP. It targets major consumer European Banks and financial institutions with high-profile clientele. The targeted companies include the major UniCredit Group Subsidiary Bank of Rome; U.K.-based Abbey National (more commonly known as Abbey); Hong Kong’s HSBC; Germany’s leading IT service provider in the cooperative financial system, the FIDUCIA Group; and one of France’s largest retail banks, Crédit Mutuel... The ZeuS toolkit enables cybercriminals to create and customize their own remote-controlled malware. The infected machine then becomes part of the criminal ZeuS botnet. ZBOT variants are information stealers specializing in robbing online banking information from victims and sending back the information to its command-and-control (C&C) server. At its most basic level, ZeuS has always been known for engaging in criminal activities, as it signals a new wave of online criminal business enterprises wherein different organizations can cooperate with one another to perpetrate outright online theft and fraud... The domains used by TROJ_ZBOT.BYP are both hosted on the same server, which is located in Serbia under a registered name. The IP address used and its registered name are both well-known for being part of FAKEAV-hosting domains and previous Canadian pharmacy spam campaigns..."
    - http://threatinfo.trendmicro.com/vin...onnection.html
    "... Since 2007... Trend Micro has seen over 2,000 ZBOT detections and the numbers continue to rise..."

    Last edited by AplusWebMaster; 2010-03-24 at 13:22.

  10. #230
    Adviser Team AplusWebMaster's Avatar

    Fake Apple App Store Malicious SPAM

    FYI...

    Fake Apple App Store Malicious SPAM
    - http://securitylabs.websense.com/con...erts/3587.aspx
    03.24.2010 - "Websense... has discovered that Apple's App Store has become the latest target for email attacks and spam. App Store is the service provided by Apple Inc. as a platform to purchase and download applications for iPhone®, iPod touch®, and iPad™. The attack comes in the form of a fake invoice email. With Apple's App Store being one of the most popular shopping platforms for multimedia, this kind of App Store invoice email is familiar to users and tends to be received frequently. As demonstrated here, cyber-criminals clearly jump at a chance to spread their spam using any available means. The content in this campaign resides on compromised Web sites and serves a combination of pharmaceutical spam along with exploits that are delivered in the background. Some of the messages serve only pharmaceutical spam and some combine spam with exploits. In the example below, clicking the link in the message redirects the user to a site with a single link labeled "visit". In the background, a known exploit pack called "Eleonore" is delivered to the user's machine. If the user clicks on the link, they are redirected to a "Canadian Pharmacy" Web site. In this particular attack instance the file dropped by the exploit pack has 29% detection rate*..."
    * http://www.virustotal.com/analisis/5...5ae-1269442230
    File updates.exe received on 2010.03.24 14:50:30 (UTC)
    Result: 12/41 (29.27%)

    (Screenshots available at the Websense URL above.)

    - http://blog.trendmicro.com/spammers-...e-apple-store/
    Mar. 25, 2010

    Last edited by AplusWebMaster; 2010-03-25 at 15:27.
