
Thread: SPAM frauds, fakes, and other MALWARE deliveries - archive

  1. #651
    AplusWebMaster (Adviser Team)
    Join Date: Oct 2005
    Location: USA
    Posts: 6,881

    Zeus-SpyEye ATS module masks online Banking Theft

    FYI...

    Zeus-SpyEye ATS module masks online Banking Theft
    Automated attack bypasses two-factor authentication
    - http://www.darkreading.com/taxonomy/...e/id/240002267
    Jun 18, 2012 - "A newly discovered online banking fraud tool cheats two-factor authentication, automates the attack, and hides out so that victims can't see losses or traces of the theft until long after the money is gone. Security researchers at Trend Micro during the past few months have studied a dangerous new module for Zeus and SpyEye that automatically withdraws funds from a victim's account without the attacker having to monitor the process, even if it includes strong authentication. So far, the so-called automatic transfer systems (ATS) attacks are targeting banking customers in Europe, namely in Germany, England, and Italy, where two-factor authentication is used via SMS..."
    * http://www.trendmicro.com/cloud-cont...king_fraud.pdf

    - http://www.infosecisland.com/blogvie...e-Banking.html
    June 21, 2012 - "... it is possible to detect various active ATSs in the wild that are based on a common framework used by cybercriminals to conduct automated fraud. Typically the schemes use phishing emails with links to tainted pages, malware attachments or drive-by download attacks from malicious or even compromised legitimate sites..."

    The machine has no brain.
    ......... Use your own.
    Browser check for updates here.
    YOU need to defend against -all- vulnerabilities.
    Hacks only need to find -1- to get in...
    .

  2. #652
    AplusWebMaster (Adviser Team)

    AutoCAD malware - targeted for Industrial Espionage

    FYI...

    AutoCAD malware - targeted for Industrial Espionage
    - https://isc.sans.edu/diary.html?storyid=13549
    Last Updated: 2012-06-25 04:19:38 UTC - "A number of sites have published an analysis of relatively new malware, ACAD/Medre.A*... somewhat unique in that it seems to be highly targeted and specialized. The current version of ACAD/Medre.A seems to be targeted at AutoCAD files hosted at IP addresses in Peru. ACAD/Medre.A is not just thrown together, low quality malware. Analysis reveals it is well written; at a level that suggests an experienced malware writer wrote it... Either it is a limited test of a new malware concept that will be unleashed on the general world in the future. The malware is written using AutoLISP, the AutoCAD built in scripting language. To the best of my knowledge the first malware written in this language. Another possibility is that it is a targeted intellectual property attack by one of the organized malware groups..."
    * http://thehackernews.com/2012/06/vir...d-perfect.html
    6/24/2012

    - http://www.gfi.com/blog/worm-found-i...stealing-data/
    June 25, 2012
    ___

    > http://blog.eset.com/2012/06/21/acad...cal-analysis-2
    June 22, 2012

    Removal tool here: http://download.eset.com/special/EACADMedreCleaner.exe

    Last edited by AplusWebMaster; 2012-06-25 at 20:55.
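A sweep for the vector the post describes, added here as an example and not code from ESET, SANS or the original poster. It assumes standard AutoCAD behaviour (not stated in the post): startup files named acad or acaddoc, in .lsp, .fas or .vlx form, are picked up from the support path, which includes the folder of the drawing being opened, so a copy dropped beside the .dwg files runs without anyone loading it. The list of suspicious AutoLISP calls, the sample folder tree and the file contents are constructed for the demo.

```python
import os
import re
import tempfile
from pathlib import Path

# Startup file names AutoCAD auto-loads, in any of its loadable forms.
# Assumption (standard AutoCAD behaviour, not stated in the post): acad.*
# and acaddoc.* are searched for on the support path, which includes the
# drawing's own folder, so a copy beside the .dwg files runs on open.
AUTOLOAD_STEMS = {"acad", "acaddoc"}
AUTOLOAD_EXTS = {".lsp", ".fas", ".vlx"}

# Constructed list of AutoLISP calls a file-stealing startup script would
# need but an ordinary drafting macro rarely does: copying or deleting
# files, launching programs, driving COM objects, writing the registry.
# Only plain-text .lsp can be inspected; .fas/.vlx are compiled and are
# reported on location alone.
SUSPICIOUS_CALLS = re.compile(
    r"\((startapp|vl-file-copy|vl-file-delete|vl-file-rename|vl-mkdir|"
    r"vlax-create-object|vlax-get-or-create-object|vl-registry-write)\b",
    re.IGNORECASE,
)


def scan_drawing_folders(root):
    """Walk root; in every folder that holds .dwg files, report AutoCAD
    startup files sitting beside them, plus any suspicious calls found in
    the ones that are plain text."""
    findings = []
    for dirpath, _dirs, filenames in os.walk(root):
        if not any(f.lower().endswith(".dwg") for f in filenames):
            continue
        for name in sorted(filenames):
            p = Path(dirpath, name)
            if p.stem.lower() not in AUTOLOAD_STEMS or p.suffix.lower() not in AUTOLOAD_EXTS:
                continue
            calls = []
            if p.suffix.lower() == ".lsp":
                try:
                    text = p.read_text(errors="replace")
                except OSError:
                    text = ""
                calls = sorted({m.group(1).lower() for m in SUSPICIOUS_CALLS.finditer(text)})
            findings.append({"path": str(p), "calls": calls})
    return findings


def build_demo_tree(base):
    """Constructed sample tree: a project folder with drawings and dropped
    startup files, a clean project folder, and a support folder holding a
    startup file but no drawings (normal placement, ignored here)."""
    proj = Path(base, "projects", "bridge")
    proj.mkdir(parents=True)
    (proj / "plan.dwg").write_bytes(b"AC1024 demo drawing")
    (proj / "acad.fas").write_bytes(b"\x0dcompiled-demo")
    (proj / "acaddoc.lsp").write_text(
        '(defun s::startup ()\n'
        '  (vl-file-copy "plan.dwg" "C:/Temp/plan.dwg")\n'
        '  (startapp "cmd.exe" "/c echo demo")\n'
        ')\n'
    )
    clean = Path(base, "projects", "clean")
    clean.mkdir(parents=True)
    (clean / "site.dwg").write_bytes(b"AC1024 demo drawing")
    support = Path(base, "support")
    support.mkdir(parents=True)
    (support / "acad.lsp").write_text("(princ)\n")


def run_demo():
    base = tempfile.mkdtemp(prefix="acad-scan-")
    build_demo_tree(base)
    return [(Path(f["path"]).name, f["calls"]) for f in scan_drawing_folders(base)]


if __name__ == "__main__":
    for name, calls in run_demo():
        print(name, calls or "(compiled, inspect manually)")
```

Point scan_drawing_folders at a file server's project share; anything it returns is a startup file that was placed among drawings rather than in the AutoCAD support folder, which is exactly where a self-spreading AutoLISP script has to live.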

  3. #653
    AplusWebMaster (Adviser Team)

    UPS delivery tracking SPAM emails serving client-side exploits and malware

    FYI...

    UPS delivery tracking SPAM emails serving client-side exploits and malware
    - http://blog.webroot.com/2012/06/25/s...s-and-malware/
    June 25, 2012 - "Cybercriminals are currently spamvertising millions of emails impersonating United Parcel Service (UPS) in an attempt to trick end and corporate users into clicking on exploits and malware serving links found in the malicious emails... Upon clicking on the link, the campaign is serving client-side exploits using the Black Hole web malware exploitation kit, and in this particular campaign it’s attempting to exploit CVE-2010-1885 and CVE-2012-0507...
    > https://www.virustotal.com/file/267a...is/1339706944/
    File name: Shipping, Freight, Logistics and Supply Chain Management from UPS.htm
    Detection ratio: 2/42
    Analysis date: 2012-06-14 20:49:04 UTC
    ... Upon successful client-side exploitation the second malicious URL drops MD5: 5e187c293a563968dd026fae02194cfa, detected by 3 out of 42 antivirus scanners as PAK_Generic.001. Upon execution it creates the following file:
    %AppData%\KB00121600.exe – MD5: 5E187C293A563968DD026FAE02194CFA - detected by 3 out of 42 antivirus scanners as PAK_Generic.001
    Upon execution, the sample phones back to 123.49.61.59 /zb/v_01_b/in on port 8080. Another sample is known to have phoned back to the same URL, namely, MD5: 108F10F0921F2B4FCA87FE6E620D21EF which phones back..."
    (More detail at the webroot URL above.)

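An incident-response sweep built from the indicators quoted above (the two MD5s, the dropped filename under %AppData%, and the phone-home host, port and path), added here as an example and not code from Webroot or the original poster. The proxy log layout (Squid native access.log) and the log lines themselves are constructed; the AppData directory in the demo is a temporary folder standing in for a user profile. A file that matches by name but not by hash is still reported, since a repacked build changes the hash and not the name.

```python
import hashlib
import re
import tempfile
from pathlib import Path
from urllib.parse import urlparse

# Indicators quoted in the Webroot write-up above.
IOC_MD5 = {
    "5e187c293a563968dd026fae02194cfa",
    "108f10f0921f2b4fca87fe6e620d21ef",
}
IOC_DROPPED_NAMES = {"kb00121600.exe"}
IOC_C2_HOST = "123.49.61.59"
IOC_C2_PORT = 8080
IOC_C2_PATH = "/zb/v_01_b/in"


def md5_of(path, chunk=1 << 16):
    h = hashlib.md5()
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(chunk), b""):
            h.update(block)
    return h.hexdigest()


def sweep_files(appdata_dir):
    """Hash every file under the profile's AppData folder (or a directory
    standing in for it) and report matches on MD5 or dropped filename."""
    hits = []
    for p in sorted(Path(appdata_dir).rglob("*")):
        if not p.is_file():
            continue
        reasons = []
        if md5_of(p) in IOC_MD5:
            reasons.append("md5")
        if p.name.lower() in IOC_DROPPED_NAMES:
            reasons.append("filename")
        if reasons:
            hits.append((p.name, reasons))
    return hits


# Squid native access.log layout (assumption about the proxy in use):
# time elapsed client code/status bytes method URL ...
LOG_RE = re.compile(r"^\S+\s+\d+\s+(\S+)\s+\S+\s+\d+\s+\S+\s+(\S+)")


def c2_hits(log_lines):
    """Return (client, url, match) for requests that reach the C2.
    'exact' = host, port and path all match the phone-home URL;
    'host'  = any other traffic to the C2 address, worth a look too."""
    hits = []
    for line in log_lines:
        m = LOG_RE.match(line)
        if not m:
            continue
        client, url = m.groups()
        u = urlparse(url)
        if u.hostname != IOC_C2_HOST:
            continue
        port = u.port or (443 if u.scheme == "https" else 80)
        exact = port == IOC_C2_PORT and u.path.startswith(IOC_C2_PATH)
        hits.append((client, url, "exact" if exact else "host"))
    return hits


# Constructed proxy log lines, not taken from the original post.
SAMPLE_LOG = [
    "1340000001.101    120 10.0.0.7 TCP_MISS/200 512 POST http://123.49.61.59:8080/zb/v_01_b/in - DIRECT/123.49.61.59 text/html",
    "1340000002.204     35 10.0.0.9 TCP_HIT/200 2048 GET http://www.example.com/index.html - NONE/- text/html",
    "1340000003.310     80 10.0.0.7 TCP_MISS/404 100 GET http://123.49.61.59/favicon.ico - DIRECT/123.49.61.59 text/html",
]


def run_demo():
    # Constructed stand-in for %AppData%: a file with the dropped name but
    # harmless content (matches by name only) and an unrelated file.
    appdata = tempfile.mkdtemp(prefix="appdata-")
    Path(appdata, "KB00121600.exe").write_bytes(b"placeholder, not the sample")
    Path(appdata, "notes.txt").write_text("nothing to see")
    return {"files": sweep_files(appdata), "c2": c2_hits(SAMPLE_LOG)}


if __name__ == "__main__":
    for section, rows in run_demo().items():
        print(section)
        for row in rows:
            print("  ", row)
```

On a real workstation, pass os.environ["APPDATA"] to sweep_files; on the proxy, feed c2_hits the access log for the days around the spam run. The "host" matches catch follow-on traffic to the same address that does not use the documented path.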

  4. #654
    AplusWebMaster (Adviser Team)

    Fake PayPal account confirmation emails lead to phishing sites...

    FYI...

    Fake PayPal account confirmation emails lead to phishing sites
    - http://blog.webroot.com/2012/06/26/s...hishing-sites/
    June 26, 2012 - "... Phishers have just started spamvertising hundreds of thousands of legitimately-looking PayPal themed emails, in an attempt to trick users into entering their accounting data on the fraudulent web site linked in the emails...
    Screenshot of the spamvertised PayPal themed campaign:
    > https://webrootblog.files.wordpress....ng?w=458&h=250
    ... Sample spamvertised text:
    Dear PayPal Costumer, It has come to our attention that your PayPal® account information needs to be updated as part of our continuing commitment to protect your account and to reduce the instance of fraud on our website. If you could please take 5-10 minutes out of your online experience and update your personal records you will not run into any future problems with the online service. However, failure to update your records will result in account suspension. Please update your records before June 12, 2012. Once you have updated your account records, your PayPal® account activity will not be interrupted and will continue as normal.
    Upon clicking on the link found in the phishing emails, users are presented with the following legitimately-looking PayPal login page:
    > https://webrootblog.files.wordpress...._paypal_02.png
    Users are advised to avoid interacting with the emails, and to report them as fraudulent/malicious as soon as they receive them."


  5. #655
    AplusWebMaster (Adviser Team)

    Fake email / SPAM leads to malware... 2012.06.28

    FYI...


    Red - Virus Outbreak In Progress
    - http://www.ironport.com/toc/

    Real-time Outbreak Details
    > http://tools.cisco.com/security/cent...utbreak.x?i=77
    June 29, 2012
    ___

    Bogus online casino themed emails serving W32/Casonline
    - http://blog.webroot.com/2012/06/28/s...-w32casonline/
    June 28, 2012

    Fake Delta email leads to Sirefef, Fake AV
    - http://www.gfi.com/blog/fake-delta-e...refef-fake-av/
    June 27, 2012

    Fake DHL emails serving malware
    - http://blog.webroot.com/2012/06/26/s...rving-malware/
    June 26, 2012

    Last edited by AplusWebMaster; 2012-06-30 at 20:57.

  6. #656
    AplusWebMaster (Adviser Team)

    Garbage print jobs...

    FYI...

    Garbage print jobs...
    - http://www.symantec.com/connect/blog...rintlove-video
    July 2, 2012 - "...we have received several customer issues about garbage being printed on their network printers... we came across a new -worm- that causes the garbage print jobs. Symantec detects this worm as W32.Printlove. W32.Printlove uses the Microsoft Windows Print Spooler Service Remote Code Execution Vulnerability (CVE-2010-2729)* discovered in 2010 to spread across networks. We have created a video..."
    * https://technet.microsoft.com/en-us/...letin/MS10-061
    MS10-061 - Critical
    Vulnerability in Print Spooler Service Could Allow Remote Code Execution (2347290)
    September 2010

    - http://web.nvd.nist.gov/view/vuln/de...=CVE-2010-2729 - 9.3 (HIGH)
    Last revised: 07/19/2011 - "... as exploited in the wild in September 2010, aka 'Print Spooler Service Impersonation Vulnerability'."

    - https://isc.sans.edu/diary.html?storyid=13519
    Last Updated: 2012-06-21
    ___

    - http://h-online.com/-1632779
    5 July 2012

    Last edited by AplusWebMaster; 2012-07-05 at 16:18.

  7. #657
    AplusWebMaster (Adviser Team)

    GoPro is compromised serving malicious code

    FYI...

    GoPro is compromised serving malicious code
    - http://community.websense.com/blogs/...ious-code.aspx
    4 Jul 2012 - "... Websense... has detected that the official website of GoPro (at gopro.com), the popular brand for "wearable" cameras, has been compromised and injected with malicious code. We have contacted GoPro and let them know about the compromise but to date, we have not heard back from them... The injected code is resident in multiple locations on the main page. This injection is part of mass injection that is known to us and that is doing its rounds over the web at the moment... Once a user visits gopro .com the injected code gets translated to an Iframe that leads the user automatically and without any interaction to a malicious redirector at ad.fourtytwo.proadvertise .net ... The malicious redirector at ad.fourtytwo.proadvertise .net further redirects the user to an exploit Website loaded with the Blackhole exploit kit located at ad.banchoath .com. On the exploit website several exploits are sent to the user's browser and on successful exploitation the user's machine is infected with malware, at the time of the post... according to virustotal...
    * https://www.virustotal.com/file/f277...b46b/analysis/
    File name: !r033PlxM.exe
    Detection ratio: 4/42
    Analysis date: 2012-07-04 17:44:13 UTC
    ... The injected code translates to an Iframe that takes without user interaction the visitor to an exploit Website..."
    ___

    - http://google.com/safebrowsing/diagn...advertise.net/
    Site is listed as suspicious - visiting this web site may harm your computer... the last time suspicious content was found on this site was on 2012-07-04. Malicious software includes 1 trojan...

    - http://google.com/safebrowsing/diagn...banchoath.com/
    Site is listed as suspicious - visiting this web site may harm your computer... the last time suspicious content was found on this site was on 2012-07-04. Malicious software includes 7 trojan(s)...

    Last edited by AplusWebMaster; 2012-07-05 at 03:27.
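A static audit of a downloaded page for the injection pattern Websense describes (markup, or script that builds markup, that drops the visitor into an off-site iframe), added here as an example and not code from Websense or the original poster. The two redirector hosts come from the post; the sample page, the hidden-frame rules and the "writes iframe at runtime" script heuristic are constructed for the demo and will not catch every obfuscation.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urlparse

# Redirector and exploit-kit hosts named in the Websense post above.
KNOWN_BAD_HOSTS = {"ad.fourtytwo.proadvertise.net", "ad.banchoath.com"}


def _is_hidden(attrs):
    """Zero-size or CSS-hidden frames are the usual shape of an injected
    drive-by iframe: the visitor never sees the redirect happen."""
    style = (attrs.get("style") or "").replace(" ", "").lower()
    return (
        attrs.get("width") in ("0", "1")
        or attrs.get("height") in ("0", "1")
        or "display:none" in style
        or "visibility:hidden" in style
    )


def _looks_like_iframe_writer(script_body):
    """Heuristic for injections that assemble the iframe at run time
    instead of placing it in the markup (constructed heuristic, not the
    specific code Websense observed)."""
    return bool(
        re.search(r"document\.write", script_body)
        and re.search(r"iframe|fromCharCode|unescape", script_body, re.I)
    )


class IframeAudit(HTMLParser):
    def __init__(self, page_host):
        super().__init__()
        self.page_host = page_host.lower()
        self.findings = []
        self._in_script = False
        self._script = []

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        if tag == "iframe":
            src = a.get("src") or ""
            host = (urlparse(src).hostname or self.page_host).lower()
            reasons = []
            if host != self.page_host:
                reasons.append("off-site src")
            if host in KNOWN_BAD_HOSTS:
                reasons.append("known redirector")
            if _is_hidden(a):
                reasons.append("hidden")
            if reasons:
                self.findings.append({"tag": "iframe", "src": src, "reasons": reasons})
        elif tag == "script":
            self._in_script = True
            self._script = []

    def handle_data(self, data):
        if self._in_script:
            self._script.append(data)

    def handle_endtag(self, tag):
        if tag == "script" and self._in_script:
            self._in_script = False
            if _looks_like_iframe_writer("".join(self._script)):
                self.findings.append({"tag": "script", "src": "", "reasons": ["writes iframe at runtime"]})


def audit_html(html, page_host):
    parser = IframeAudit(page_host)
    parser.feed(html)
    parser.close()
    return parser.findings


# Constructed page body standing in for a compromised front page: one
# hidden iframe to the redirector, one ordinary embed, and an inline
# script that assembles a second iframe from URL-encoded pieces.
SAMPLE_HTML = """<html><head><title>demo</title><script src="/js/site.js"></script></head>
<body><h1>Welcome</h1>
<iframe src="http://ad.fourtytwo.proadvertise.net/" width="0" height="0" style="visibility: hidden"></iframe>
<iframe src="https://www.youtube.com/embed/demo" width="560" height="315"></iframe>
<script>var s="%3Ciframe%20src%3D%22http%3A//ad.banchoath.com/%22%20width%3D0%3E";
document.write(unescape(s) + unescape("%3C/iframe%3E"));</script>
</body></html>"""


def run_demo():
    return audit_html(SAMPLE_HTML, "gopro.com")


if __name__ == "__main__":
    for f in run_demo():
        print(f["tag"], f["src"] or "(inline)", ", ".join(f["reasons"]))
```

Run audit_html over the HTML as fetched from a sandbox (not a browser on a workstation) and treat "known redirector" and "hidden" as immediate, "off-site src" alone as a review item, since legitimate embeds are off-site too.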

  8. #658
    AplusWebMaster (Adviser Team)

    Java exploit-in-the-wild ...

    FYI...

    Java exploit-in-the-wild ...
    - https://krebsonsecurity.com/2012/07/...-exploit-kits/
    July 5, 2012 - "... more than 3 billion devices run Java and many of these installations are months out of date... a malicious “.jar” file that — when scanned at Virustotal.com — was detected by just -one- antivirus product (Avira), which flagged it as Java/Dldr.Lamar.BD*. The description of that threat says it targets a Java vulnerability tagged as CVE-2012-1723, a critical bug fixed in Java 6 Update 33 and Java 7 Update 5**..."
    * https://www.avira.com/en/support-thr...FDldr.Lamar.BD

    ** http://forums.spybot.info/showpost.p...69&postcount=4

    - http://web.nvd.nist.gov/view/vuln/de...=CVE-2012-1723 - 10.0 (HIGH)

    Verify: https://www.java.com/en/download/ins...tect=jre&try=1
    ___

    - http://h-online.com/-1636577
    11 July 2012

    Ongoing...
    - https://threatpost.com/en_us/blogs/b...23-flaw-071612
    July 16, 2012 - "... Websense* said that they've seen the Black Hole exploit kit targeting this vulnerability and using a series of freshly registered domains... The vulnerability could evade the JRE (Java Runtime Environment) sandbox and load additional Java classes in order to perform malicious actions..."
    * http://community.websense.com/blogs/...2012-1723.aspx
    15 Jul 2012

    Last edited by AplusWebMaster; 2012-07-17 at 15:53.
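A fleet check for the fixed builds the Krebs piece names (Java 6 Update 33 and Java 7 Update 5), added here as an example and not code from Krebs, Oracle or the original poster. It parses `java -version` banners collected from hosts; the inventory and its build numbers are constructed. Families older than 6 are reported as "unknown" because the post says nothing about them, and anything from Java 8 onward postdates the fix.

```python
import re
import subprocess

# Fixed builds named in the Krebs piece above: earlier updates in the
# same family still carry CVE-2012-1723.
FIXED_UPDATE = {6: 33, 7: 5}

VERSION_RE = re.compile(r'version "(\d+)\.(\d+)\.(\d+)(?:_(\d+))?')


def parse_java_version(text):
    """Pull (family, update) out of `java -version` output:
    'java version "1.7.0_04"' -> (7, 4). Pre-9 builds are written
    1.<family>.0_<update>; 9 and later put the family first ("11.0.2")."""
    m = VERSION_RE.search(text)
    if not m:
        return None
    a, b, c, upd = m.groups()
    if a == "1":
        return int(b), int(upd or 0)
    return int(a), int(c)


def status_cve_2012_1723(version):
    family, update = version
    if family in FIXED_UPDATE:
        return "vulnerable" if update < FIXED_UPDATE[family] else "fixed"
    if family > 7:
        return "fixed"      # family released after the June 2012 fix
    return "unknown"        # older family, not covered by the advisory quoted above


NO_JAVA = "no java / unparsed"


def triage_inventory(inventory):
    """inventory: {hostname: captured `java -version` output}."""
    out = []
    for host, text in sorted(inventory.items()):
        v = parse_java_version(text)
        out.append((host, v, status_cve_2012_1723(v) if v else NO_JAVA))
    return out


def check_local_java():
    """Same check for the machine this runs on (`java -version` prints
    its banner to stderr)."""
    try:
        r = subprocess.run(["java", "-version"], capture_output=True, text=True, timeout=10)
    except (OSError, subprocess.TimeoutExpired):
        return None, NO_JAVA
    v = parse_java_version(r.stderr + r.stdout)
    return v, (status_cve_2012_1723(v) if v else NO_JAVA)


# Constructed inventory of captured banners, not real hosts or builds.
SAMPLE_INVENTORY = {
    "ws-01": 'java version "1.6.0_31"\nJava(TM) SE Runtime Environment (build 1.6.0_31-b05)',
    "ws-02": 'java version "1.7.0_04"\nJava(TM) SE Runtime Environment (build 1.7.0_04-b22)',
    "ws-03": 'java version "1.7.0_05"\nJava(TM) SE Runtime Environment (build 1.7.0_05-b06)',
    "ws-04": 'java version "1.6.0_33"',
    "ws-05": "'java' is not recognized as an internal or external command",
    "srv-01": 'openjdk version "11.0.2" 2019-01-15',
}


def run_demo():
    return triage_inventory(SAMPLE_INVENTORY)


if __name__ == "__main__":
    for host, version, status in run_demo():
        print(host, version, status)
    print("local:", *check_local_java())
```

The banner check only sees the JRE on the PATH; a host can carry several (browser plug-in, bundled application copies), so pair it with the Java.com verification link above or an installed-software inventory.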

  9. #659
    AplusWebMaster (Adviser Team)

    Phishing campaign targeting Gmail, Yahoo, AOL and Hotmail ...

    FYI...

    Phishing campaign targeting Gmail, Yahoo, AOL and Hotmail ...
    - http://blog.webroot.com/2012/07/09/p...d-in-the-wild/
    July 9, 2012 - "... intercepted a currently active phishing campaign that’s a good example of a popular tactic used by cybercriminals known as ‘campaign optimization’. The reason this campaign is well optimized is that it simultaneously targets Gmail, Yahoo, AOL and Windows Hotmail email users... Sample screenshot of the spamvertised phishing email:
    > https://webrootblog.files.wordpress....ng?w=333&h=159
    Spamvertised URL hosted on a compromised Web server: tanitechnology .com/fb/includes/examples/properties/index .htm - the URL is currently -not- detected by any of the 28 phishing URL scanning services used by the VirusTotal service. Sample screenshot of the landing phishing page affecting multiple free email service providers:
    > https://webrootblog.files.wordpress....ng?w=280&h=320
    What makes an impression is the poor level of English applied to the campaign’s marketing creative. Moreover, it’s rather awkward to see that the landing phishing page is themed using the Online Real Estate brand Remax, a brand that has nothing to do with the enforcement of a particular marketing message related to the phishing campaign. Users are advised to avoid interacting with similar pages, and to always ensure that they’re on the right login page before entering their accounting data."

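The "make sure you are on the right login page" advice from this post and the PayPal post above, turned into a check that can run over the links in a suspect e-mail. This is an added example, not code from Webroot or the original poster. The allowlist of registrable domains per brand is an assumption for the demo (verify it against each provider's own documentation); the sample e-mail reuses the PayPal text quoted above with a constructed link, and the multi-brand landing URL is the one Webroot reported.

```python
import re
from urllib.parse import urlparse

# Registrable domains the real login pages live under. Assumption for the
# example, not something the posts state.
LEGIT_LOGIN_DOMAINS = {
    "paypal": ("paypal.com",),
    "gmail": ("google.com",),
    "yahoo": ("yahoo.com",),
    "aol": ("aol.com",),
    "hotmail": ("live.com", "hotmail.com"),
}

URL_RE = re.compile(r"https?://[^\s<>\"']+")


def host_within(host, domain):
    """Label-aware suffix test: 'www.paypal.com' is inside 'paypal.com';
    'paypal.com.evil.example' and 'notpaypal.com' are not."""
    return host == domain or host.endswith("." + domain)


def check_login_url(url, claimed_brand):
    """Problems with a link that claims to lead to claimed_brand's login.
    Empty list means the host really is under the brand's domain and TLS
    is in use; it does not vouch for the page content."""
    brand = claimed_brand.lower()
    u = urlparse(url)
    host = (u.hostname or "").lower()
    problems = []
    if u.scheme != "https":
        problems.append("not https")
    if not any(host_within(host, d) for d in LEGIT_LOGIN_DOMAINS[brand]):
        problems.append("host is not a %s domain" % brand)
        # The brand appears in the hostname prefix or path, the classic
        # way to make an unrelated host look like the real site.
        if brand in host or brand in u.path.lower():
            problems.append("brand name used as decoration")
    return problems


def triage_links(text, claimed_brand):
    """Extract every link from an e-mail body and check each against the
    brand the message claims to be from."""
    return [(url, check_login_url(url, claimed_brand)) for url in URL_RE.findall(text)]


# Body text quoted in the PayPal post above plus a constructed link of the
# kind such mails carry (not the actual URL from that campaign).
SAMPLE_EMAIL = """Dear PayPal Costumer, It has come to our attention that your PayPal account
information needs to be updated ... Please update your records before June 12, 2012.
Update now: http://paypal.com.account-update.example/cgi-bin/webscr
Questions? https://www.paypal.com/help"""


def run_demo():
    return {
        "paypal_mail": triage_links(SAMPLE_EMAIL, "paypal"),
        # Landing page from the Webroot post, judged as a Gmail user would need to
        "webmail_page": check_login_url(
            "http://tanitechnology.com/fb/includes/examples/properties/index.htm", "gmail"),
    }


if __name__ == "__main__":
    for url, problems in run_demo()["paypal_mail"]:
        print(url, problems or "ok")
    print(run_demo()["webmail_page"])
```

The decoration rule is what catches the "paypal.com.something" hostnames: the suffix test already rejects them, and the extra flag tells the reader why the link looked right at a glance.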

  10. #660
    AplusWebMaster (Adviser Team)

    Virus Outbreak in Progress - 2012.07.11...

    FYI...


    Red - Virus Outbreak In Progress
    - http://www.ironport.com/toc/
    July 11, 2012

    - http://tools.cisco.com/security/cent...utbreak.x?i=77
    Fake Personal Photos E-mail Messages... Updated July 11, 2012
    Fake Portuguese Contract Confirmation Email Messages... New July 11, 2012
    Fake Hotel Reservation Confirmation Details E-mail Messages... Updated July 11, 2012
    Fake DHL Express Tracking Notification E-mail Messages... Updated July 11, 2012
    Unknown Malicious Files Distributed in E-mail Messages... New July 11, 2012
    Fake USPS Parcel Delivery Failure Notification E-mail Messages... Updated July 11, 2012
    Fake Warning Notification E-mail Messages... Updated July 11, 2012
    Fake DHL Express Tracking Notification E-mail Messages... Updated July 11, 2012 ...

