Page 3 of 70 FirstFirst 12345671353 ... LastLast
Results 21 to 30 of 694

Thread: SPAM frauds, fakes, and other MALWARE deliveries - archive

  1. #21
    Adviser Team AplusWebMaster's Avatar
    Join Date
    Oct 2005
    Location
    USA
    Posts
    6,881

    Thumbs down Spoofs, forgeries, and the like...

    FYI...

    - http://isc.sans.org/diary.html?storyid=4927
    Last Updated: 2008-08-24 18:15:34 UTC - "I received an email today from a reader (thank you) who reported that they received a piece of spam today that came from the address: monitoring @isp.com. (Notice the domain name.) Now, we have seen this type of spam before, you know, perpetrating like it comes from your ISP while just having a malicious link in it, etc. Except this time the spam was signed "ISC monitoring team" (Notice the first three letters, and how they differ from the domain name). So I am guessing that someone is trying to imitate us. And while we recognize that imitation is the most sincerest form of flattery, this kind could be actually damaging. Rest assured our faithful readers, this is not from us. First of all our email addresses are not "isp.com", nor "monitoring". We don't sign our emails "ISC monitoring team". Nor do we spell the word "Consortium" -- "Consorcium" (misspelling from the email)..."

    - http://www.f-secure.com/weblog/archives/00001488.html
    August 26, 2008 - "This morning we saw several spam runs in the country of Denmark. The messages are in Danish and they are sent to Danish e-mail addresses. The e-mail claims to be from us. It's not. Here's what the email looks like:
    From: supportupdate@f-secure.com
    Date: 26. August 2008 08:31
    Subject: Data er tillagt og sendt med denne meddelelse.
    Käre kunder!
    Regning
    Data er tillagt og sendt med denne meddelelse.
    Jeg bruger gratis F-secure antispamversion, som allerede har fjernet 338 spambreve.
    Antispam er helt gratis for private brugere.
    Attachment: f-secure.rar
    The attachment contains a file called update26.08.2008.exe, which, when run, drops a file called dcbcg.exe (Unker-related trojan) that connects to a server in Ukraine. We detect this trojan as Trojan:W32/Agent.FVO... The spam run must have been fairly large, as we've received more than 13,000 bounces to supportupdate @f-secure.com from non-existant email addresses alone..."

    The machine has no brain.
    ......... Use your own.
    Browser check for updates here.
    YOU need to defend against -all- vulnerabilities.
    Hacks only need to find -1- to get in...
    .

  2. #22
    Adviser Team AplusWebMaster's Avatar
    Join Date
    Oct 2005
    Location
    USA
    Posts
    6,881

    Angry Who Deleted You on MSN Live?

    FYI...

    ‘Want to Know Who Deleted You on MSN Live?’
    - http://blog.trendmicro.com/want-to-k...u-on-msn-live/
    Aug. 26, 2008 - "While monitoring countless sites as part of our current Web threat strategy, we have stumbled upon a legitimate-looking prompt from MSN Live Messenger... or so it would appear (at first). As shown from the screen captures below, this prompt bears a close resemblance to the actual prompt being displayed by the MSN Live Messenger instant messaging application (also known as Windows Live Messenger) whenever a friend from the user’s friends list logs in. Potential victims who unfortunately encounter the site (Borradito.com) via spam or spammed IM is first enticed by the Web site’s description, which promises the capability to view which of their friends have removed them from their friends list, provided they are logged in, of course—a pretty convincing trick to lure users to key in their user names and passwords. As the Web site is accessed, a message prompt from MSN Live Messenger appears at the lower-right part of the screen, just below the system tray... Once users click on the prompt, they are diverted to a Flash-based window which also resembles an actual MSN group chat window... This routine is used to attract the users, as well as to build credibility. If the user goes back to the main site and enters their credentials, the site displays a list of users who have allegedly removed the affected user from their contact lists... What happens under the radar, however, is that the site captures the entered credentials and the accounts are then opened by a remote malicious user and IM messages containing a link to the Borradito phishing site are sent to all contacts on the affected account’s buddy list... This ensures further propagation of this threat. Directly at risk are MSN users and their contacts. The account information harvested in this account may be used to access various Windows Live services such as Windows Live Call (PC-to-phone calls), SkyDrive (file-sharing services), Spaces, and even Hotmail accounts under the same account. Today, your email accounts hold many important tidbits on different aspects of your life, job, and personal details many people would prefer not to be divulged to others. Letting your guard down can be be very costly and can lead to exploitation. The worst possible scenarios include identity theft and financial loss..."

    (Screenshots available at the URL above.)

    The machine has no brain.
    ......... Use your own.
    Browser check for updates here.
    YOU need to defend against -all- vulnerabilities.
    Hacks only need to find -1- to get in...
    .

  3. #23
    Adviser Team AplusWebMaster's Avatar
    Join Date
    Oct 2005
    Location
    USA
    Posts
    6,881

    Thumbs down Critical Update: Please Patch Windows with Malware

    FYI...

    Critical Update: Please Patch Windows with Malware
    - http://blog.trendmicro.com/critical-...-with-malware/
    Aug, 27, 2008 - "After patching 11 vulnerabilities for this month’s Patch Tuesday, spam is being sent that falsely claims that the recipient should immediately install another critical Microsoft update... Patching one’s system using this spam as a guidance, however, downloads a multitude of badness, and one particular malicious piece of malware which is detected as EXPL_ANICMOO.GEN... Malware writers are counting on the urgency of the email’s tone to trick recipients into applying the “patch”..."

    (Screenshot available at the URL above.)

    The machine has no brain.
    ......... Use your own.
    Browser check for updates here.
    YOU need to defend against -all- vulnerabilities.
    Hacks only need to find -1- to get in...
    .

  4. #24
    Adviser Team AplusWebMaster's Avatar
    Join Date
    Oct 2005
    Location
    USA
    Posts
    6,881

    Thumbs down Treasury Optimizer - malware update...

    FYI...

    Treasury Optimizer - malware update
    - http://blog.trendmicro.com/treasury-...-with-malware/
    Aug. 30, 2008 - "Treasury Optimizer is an online banking tool offered by Capital One Bank which aims to provide secure access to business accounts on the Web, 24/7. Posed to replace electronic money or more popularly known as eCash, it offers to protect customers’ accounts through security features such as multifactor authentication. Unfortunately, their security offerings come short, as we receive bulks of phishing emails that “promote” the Treasury Optimizer. The phishing mail instructs the client to update their account due to a potential security risk that affects all of Capital One Bank products, including the Treasury Optimizer... The conventional phishing attack aims to capture users’ credentials through fake login pages spammed through email. For this attack however, the phishing link given in the phishing email leads to a page that does not ask for credentials, but tells the user to download a file instead. When the user clicks the link contained in the phishing email, the following spoofed Treasury Optimizer Web page is displayed... The page explains that the bank had to fix (the) vulnerability; and in order to fix it, the client MUST download the update. It even displays different download links for different operating systems. It will then download an .EXE file that poses as an installation setup... The downloaded file is detected by Trend Micro as TROJ_SMALL.MAT. This malware-enhanced phishing attack is neither the typical type of phishing attack, nor is it less dangerous. The scope of a phishing attack is usually limited; one account from a target organization compromised in every successful attack. But this phishing attack installs a malware on the affected user’s system instead, and then uses it to monitor users’ online activities, thus possibly disclosing more information..."

    (Screenshots available at the URL above.)

    The machine has no brain.
    ......... Use your own.
    Browser check for updates here.
    YOU need to defend against -all- vulnerabilities.
    Hacks only need to find -1- to get in...
    .

  5. #25
    Adviser Team AplusWebMaster's Avatar
    Join Date
    Oct 2005
    Location
    USA
    Posts
    6,881

    Thumbs down Fake celebrity news SPAM - Malicious Code...

    FYI...

    Fake celebrity news SPAM - Malicious Code
    - http://securitylabs.websense.com/con...erts/3172.aspx
    9.03.2008 - "...ThreatSeeker Network has seen huge volumes of spam wrapped up in CNN and MSNBC themed templates. Recently, email alerts listing different popular events and news articles also encouraged users to download a video codec, which was actually a malicious file... The malicious payload is only accessed when the user clicks on the 'READ FULL STORY' link, which takes them to a Web page on a compromised site named index97.html, which issues a pop-up encouraging users to download a ‘missing’ video codec, a file called video98.exe... Here are a few examples of the varied subjects we have seen in this campaign:
    Sensational news. Check the message.
    Breaking news! Be the first to know.
    Very important news.
    Astonishing Please take a look.
    Sensational information inside.
    Check this out. This is a bomb
    This is really great news. Please check.
    ..."

    (Screenshots available at the Websense URL above.)

    The machine has no brain.
    ......... Use your own.
    Browser check for updates here.
    YOU need to defend against -all- vulnerabilities.
    Hacks only need to find -1- to get in...
    .

  6. #26
    Adviser Team AplusWebMaster's Avatar
    Join Date
    Oct 2005
    Location
    USA
    Posts
    6,881

    Thumbs down Free Online Services attacked...

    FYI...

    Misleading Application Targets Free Online Services
    - http://www.securityfocus.com/blogs/1018
    2008-09-03 (Symantec Security Response) - "...we have found that attackers have begun targeting free online service sites and our example is based on Google Notebook, although these attacks are not unique to this site. Attackers have started to use Google Notebook as a new social engineering attack vector to spread misleading applications. Misleading applications attempt to convince the user that he or she must remove potentially unwanted programs or security risks (usually nonexistent or fake) from the computer. Google Notebook is a free online service that provides a way to save and share information in a single location. This free service offers a feature to save search results, notes, or images online and allow users to share these artifacts with others. Users can create notes with headings and within each note they can add more content, such as links etc. Attackers are now taking advantage of this free service to create an attack vector to push misleading applications onto the victims' machines. While researching this problem we found cases where victims were invited to click on a malicious link. We found one author's notebook with more than 50 notes, including fake information and more malicious links... Clicking on the associated links lead to author's notebook pages, where the pages contain fake information and malicious links... Based on the contents, the victim is invited to click on the links to get additional information, but ends up getting fake pop-up messages generated by fake Web sites hosting misleading applications... When the victim clicks the OK button, a fake antivirus installer is downloaded to the victim's machine. The link on the "Microsoft Windows History" page contains a link to "hxxp ://anitspy .com". This link will redirect the page to "hxxp ://llab .com". If it is a user's first visit to the site, then the site will redirect that Web page to a malicious Web site (hxxp ://pc .com), which serves up a misleading application. In other instances the page will be redirected to a search site called "hxxp ://searcher .com," where the user will see an advertisement to download fake antivirus software. The complete scenario makes it seem as if attackers are running underground affiliate networks to promote misleading applications.
    Social engineering attacks that involve victims who are tricked into clicking on malicious links are not new; however, now the attackers have started using free service sites as a new attack vector to push their misleading applications..."

    (Screenshots available at the SecurityFocus URL above.)

    The machine has no brain.
    ......... Use your own.
    Browser check for updates here.
    YOU need to defend against -all- vulnerabilities.
    Hacks only need to find -1- to get in...
    .

  7. #27
    Adviser Team AplusWebMaster's Avatar
    Join Date
    Oct 2005
    Location
    USA
    Posts
    6,881

    Thumbs down SPAM targeting US Presidential Election

    FYI...

    SPAM campaign targeting US Presidential Election... Malicious Code
    - http://securitylabs.websense.com/con...erts/3177.aspx
    09.09.2008 - "Websense... has discovered an emerging email campaign which uses the US presidential election as a social engineering mechanism to install information-stealing code on a victim's machine. With less than 2 months before the start of the election, emails are circulating with fake news of a sex scandal affecting one of the candidates. Recipients of the email are encouraged to view a video supposedly involving the Democratic candidate Barack Obama. Users who click the link are shown a pornographic video taken from hxxp ://homemade*snip*.com/ . While the video plays for 14 seconds, malicious applications are installed on the victim's machine... The dropper installs 809.exe in the user's Temporary Internet Files folder. Also a Browser Helper Object (BHO) named Siemens32.dll is registered. This is an information-stealing application that posts data to a compromised Finnish travel site, hxxp ://*snip*-hotel.com/ ..."
    (Screenshots available at the URL above.)

    - http://www.f-secure.com/weblog/archives/00001497.html
    September 10, 2008 - "...Interestingly, there is no Medved Hotel in Finland... we have reported this to local authorities and they are working on getting the site shut down."
    (More screenshots...)

    Last edited by AplusWebMaster; 2008-09-10 at 15:29. Reason: Added F-secure blog info...
    The machine has no brain.
    ......... Use your own.
    Browser check for updates here.
    YOU need to defend against -all- vulnerabilities.
    Hacks only need to find -1- to get in...
    .

  8. #28
    Adviser Team AplusWebMaster's Avatar
    Join Date
    Oct 2005
    Location
    USA
    Posts
    6,881

    Thumbs down DHS email Scam

    FYI...

    DHS email Scam
    - http://www.us-cert.gov/current/index...dhs_email_scam
    September 11, 2008 at 04:42 pm - "US-CERT is aware that spam email messages are being sent that appear to come from high-level DHS officials, some of which attempt to entice the user into an advance fee fraud scam. In some cases, the sender's address has been spoofed so that the email appears to come from a legitimate dhs.gov address..."

    The machine has no brain.
    ......... Use your own.
    Browser check for updates here.
    YOU need to defend against -all- vulnerabilities.
    Hacks only need to find -1- to get in...
    .

  9. #29
    Adviser Team AplusWebMaster's Avatar
    Join Date
    Oct 2005
    Location
    USA
    Posts
    6,881

    Angry Fake Postcards... Fake Hurricane Relief Web Site

    FYI...

    Fake Postcards... Fake Hurricane Relief Web Site
    - http://blog.trendmicro.com/fake-post...lief-web-site/
    Sep. 14, 2008 - "... The Hurricane Gustav connection is not really that apparent in the following spammed email message... It informs recipients that they received a postcard, and if they desire to view it, they should click any of the two links in the message body. Recipients who are lured into believing that some family member actually have sent them a postcard are redirected to the following Web page when they click either link... The nameless family member (one would immediately notice that this is so impersonal) who sent the postcard also wants the recipient to donate to Gustav victims. A well-crafted “postcard” and a chance to help people in need, how heartwarming! But only if there indeed was a legitimate card, and only if the money actually went to those affected by the hurricane. Even if the Web site says so, donations through this dubious channel do not go to Red Cross. The criminals behind this scam are the only ones who get to keep the money..."

    (Screenshots available at the URL above.)

    The machine has no brain.
    ......... Use your own.
    Browser check for updates here.
    YOU need to defend against -all- vulnerabilities.
    Hacks only need to find -1- to get in...
    .

  10. #30
    Adviser Team AplusWebMaster's Avatar
    Join Date
    Oct 2005
    Location
    USA
    Posts
    6,881

    Thumbs down UPS tracking invoice trojan..

    FYI...

    UPS tracking invoice trojan...
    - http://isc.sans.org/diary.html?storyid=5051
    Last Updated: 2008-09-16 20:15:52 UTC - "We received two reports of fake UPS invoice tracking Trojan zip files. This is similar to other invoice Trojans we have seen... notice that while this appears to be a two way conversation it was really just the spammer who created the whole thing. The victim did -not- send UPS an email..."

    (More detail at the URL above.)


    - http://www.ups.com/content/us/en/abo.../virus_us.html

    The machine has no brain.
    ......... Use your own.
    Browser check for updates here.
    YOU need to defend against -all- vulnerabilities.
    Hacks only need to find -1- to get in...
    .

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •