
Thread: SPAM frauds, fakes, and other MALWARE deliveries...

  1. #11
    AplusWebMaster (Adviser Team)
    Join Date: Oct 2005
    Location: USA
    Posts: 6,881

    Fake Invoice SPAM, Fake 'Ebola Alert Tool' ...

    FYI...

    Fake Invoice SPAM - Word doc malware
    - http://myonlinesecurity.co.uk/please...d-doc-malware/
    28 Oct 2014 - "An email saying 'Please find attached INVOICE number 224244 from Power EC Ltd' pretending to come from soo.sutton[random number]@ powercentre .com with a subject of 'INVOICE [random number] from Power EC Ltd' is another one from the current bot runs which try to download various Zbots, cryptolocker, ransomware and loads of other malware on your computer. They are using email addresses and subjects that will entice a user to read the email and open the attachment... The email looks like:

    Please find attached INVOICE number 224244 from Power EC Ltd

    28 October 2014 : INVOICE263795.doc - Current Virus total detections: 3/54*
    Be very careful with email attachments. All of these emails use Social engineering tricks to persuade you to open the attachments that come with the email... macro malware**... The basic rule is NEVER open any attachment to an email, unless you are expecting it..."
    * https://www.virustotal.com/en/file/4...is/1414506485/

    ** http://myonlinesecurity.co.uk/malfor...macro-viruses/

    - http://blog.dynamoo.com/2014/10/invo...-ltd-spam.html
    28 Oct 2014
    > https://www.virustotal.com/en/file/4...is/1414519923/
    Recommended blocklist:
    62.75.184.70: https://www.virustotal.com/en/ip-add...0/information/
    116.48.157.176: https://www.virustotal.com/en/ip-add...6/information/
    ___

    Fake 'Ebola Alert Tool' ...
    - https://blog.malwarebytes.org/online...-anything-but/
    Oct 27, 2014 - "... More news of infection outside Africa such as this could further fuel the ever-increasing fear and anxiety for one’s own life and well-being, especially in terms of how one interacts with the outside world. People are trying to be more careful in their dealings than usual, always wanting to be on the know about the latest happenings. This is why web threats banking on perennial hot topics like Ebola could be effective lures against users, especially in the long run... Upon initial visit to the page, users are presented with the following prompt at the top-middle part of the screen:
    > https://blog.malwarebytes.org/wp-con...s-1024x341.jpg
    Below is a screenshot of the downloaded file with an overview of its details:
    > http://blog.malwarebytes.org/wp-cont.../ebolafile.png
    EbolaEarlyWarningSystem.exe has a low detection rate as of this writing—four vendors detect it out of 53*... Upon execution, it displays a user interface prompting users to install the ONLY Search toolbar with links to its EULA and Privacy Policy pages. Once users click the “Agree” button, they are again presented with other offers to download, such as a program called Block-n-Surf (a supposed tool used to protect children from adult-related content), System Optimizer Pro (a tool that purportedly optimizes the user’s system), oneSOFTperday (a tool that gives users access to free apps), and a remote access tool among others:
    > https://blog.malwarebytes.org/wp-con...all5.png?w=564
    Once programs are installed, the following have been observed from affected systems: All browser default search pages are changed to ONLY Search:
    > http://blog.malwarebytes.org/wp-cont...onlysearch.png
    Once users open a new browser tab, affiliate sites are loaded up (e.g. a site offering insurance):
    > http://blog.malwarebytes.org/wp-cont...-affiliate.png
    Browser windows open to prompt user to install more programs:
    > http://blog.malwarebytes.org/wp-cont...0/pckeeper.png
    System Optimizer Pro executes:
    > https://blog.malwarebytes.org/wp-con...exec.png?w=555
    - Affected machine slows down
    - Shortcut files are created on the desktop
    During testing, we haven’t seen any installation of the Ebola Early Warning System toolbar or evidence of warning alerts. We implore users not to be easily swayed with software solutions banking on the Ebola scare. They may be more about enticing internet users into downloading programs that may potentially do harm on their systems, instead of helping them be aware of the current situation**..."
    * https://www.virustotal.com/en/file/4...is/1414142257/

    ** http://www.cdc.gov/vhf/ebola/

    Last edited by AplusWebMaster; 2014-10-28 at 23:00.
    The machine has no brain.
    ......... Use your own.
    Browser check for updates here.
    YOU need to defend against -all- vulnerabilities.
    Hacks only need to find -1- to get in...
    .
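A mail-gateway check for the 'Power EC Ltd' invoice lure quoted in the post above, as an added example that is not part of the original post or of the blogs it cites. It assumes "[random number]" means a run of digits; the display name, the sender number 4821 and both sample messages are constructed.

```python
import re
from email import message_from_string
from email.message import EmailMessage
from email.utils import parseaddr

# Patterns follow the lure quoted in the post. Assumption: "[random number]"
# in the post means a run of digits.
SENDER_RE = re.compile(r"^soo\.sutton\d+@powercentre\.com$", re.I)
SUBJECT_RE = re.compile(r"^INVOICE \d+ from Power EC Ltd$", re.I)
ATTACH_RE = re.compile(r"^INVOICE\d+\.doc$", re.I)


def lure_indicators(raw_message):
    """Return the sorted indicator names that a raw e-mail message matches."""
    msg = message_from_string(raw_message)
    hits = set()
    _, addr = parseaddr(msg.get("From", ""))
    if SENDER_RE.match(addr):
        hits.add("sender")
    if SUBJECT_RE.match(msg.get("Subject", "").strip()):
        hits.add("subject")
    for part in msg.walk():  # covers nested multipart attachments
        name = part.get_filename()
        if name and ATTACH_RE.match(name.strip()):
            hits.add("attachment")
    return sorted(hits)


def should_quarantine(raw_message, threshold=2):
    """The From header is forged in this run, so require two indicators."""
    return len(lure_indicators(raw_message)) >= threshold


def build_sample(sender, subject, filename):
    """Constructed test message; the attachment body is placeholder bytes."""
    msg = EmailMessage()
    msg["From"], msg["Subject"] = sender, subject
    msg.set_content("Please find attached INVOICE number 224244 from Power EC Ltd")
    msg.add_attachment(b"placeholder", maintype="application",
                       subtype="msword", filename=filename)
    return msg.as_string()


LURE = build_sample("Soo Sutton <soo.sutton4821@powercentre.com>",
                    "INVOICE 263795 from Power EC Ltd", "INVOICE263795.doc")
BENIGN = build_sample("billing@example.org", "Your October statement",
                      "statement.pdf")

if __name__ == "__main__":
    for label, raw in (("lure", LURE), ("benign", BENIGN)):
        print(label, lure_indicators(raw), should_quarantine(raw))
```

A message that matches only the attachment name stays below the default threshold, which keeps a legitimately named invoice from being quarantined on that indicator alone.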
