FYI...
Fake 'BankLine' SPAM - targets RBS customers
- http://blog.mxlab.eu/2014/11/13/fake...rbs-customers/
Nov 13, 2014 - "... intercepted -fake- emails regarding a new secure message from BankLine that targets RBS customers. The subject line is “You have received a new secure message from BankLine#24802254” this email is sent from the spoofed address “Bankline <secure.message @ bankline .com>” and has the following body:
You have received a secure message.
Read your secure message by following the link bellow:
link-
You will be prompted to open (view) the file or save (download) it to your computer. For best results, save the file first, then open it.
If you have concerns about the validity of this message, please contact the sender directly. For questions please contact the Bankline Bank Secure Email Help Desk at 0131 556 1196.
First time users – will need to register after opening the attachment...
The embedded URL in our sample leads to hxxp ://vsrwhitefish .com/bankline/message.php. This will open up an HTML document with an integrated JavaScript script that will make use of ActiveXObject or a regular HTTP request, opens up a download in order to open and/or save the malicious file as instructed."
216.251.43.98: https://www.virustotal.com/en/ip-add...8/information/
... 5/60 2014-11-13 13:23:41 http ://vsrwhitefish .com/bankline/message.php
___
Fake 'Voice mail' SPAM ...
- http://blog.mxlab.eu/2014/11/13/voic...curity-threat/
Nov 13, 2014 - "... intercepted a large campaign by email with the subject “Voice Message #0768384921 (numbers may vary)” and is a continuation of the previous campaign targeting RBS customers. This email is sent from the spoofed address “Message Admin <martin.smith@ essex .org.uk>” and has the following body:
Voice redirected message
hxxp ://crcmich .org/bankline/message.php
Sent: Thu, 13 Nov 2014 11:54:24 +0000
The embedded URL in our sample leads to hxxp ://crcmich .org/bankline/message.php. This will open up an HTML document with an integrated JavaScript script that will make use of ActiveXObject or a regular HTTP request, opens up a download in order to open and/or save the malicious file as instructed."
69.160.53.51: https://www.virustotal.com/en/ip-add...1/information/
... 3/61 2014-11-13 15:04:47 http ://crcmich .org/bankline/message.php?
___
Alert (TA14-317A)
Apple iOS "Masque Attack" Technique
- https://www.us-cert.gov/ncas/alerts/TA14-317A
Nov 13, 2014
Systems Affected:
iOS devices running iOS 7.1.1, 7.1.2, 8.0, 8.1, and 8.1.1 beta.
Overview:
A technique labeled “Masque Attack” allows an attacker to substitute malware for a legitimate iOS app under a limited set of circumstances...
(More detail at the URL above.)
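___
Added example, not part of the quoted reports: a proxy-log sweep for the two 'BankLine' / 'Voice mail' lure URLs above. It goes one step beyond the two listed hosts by also flagging the shared /bankline/message.php path on any other host. The log line format, the client addresses and the example.org entries are constructed for illustration.

```python
import re
from urllib.parse import urlsplit

# Defanged indicators exactly as written in the two quoted reports.
PAGE_INDICATORS = [
    "hxxp ://vsrwhitefish .com/bankline/message.php",
    "hxxp ://crcmich .org/bankline/message.php",
]

def refang(indicator):
    """Turn 'hxxp ://host .tld/path' back into a parseable URL."""
    url = re.sub(r"\s+", "", indicator)  # drop spaces inserted for defanging
    return re.sub(r"^hxxp", "http", url, flags=re.I)

KNOWN = [urlsplit(refang(i)) for i in PAGE_INDICATORS]
KNOWN_HOSTS = {u.hostname for u in KNOWN}
LURE_PATHS = {u.path.lower() for u in KNOWN}  # both samples share one path

def classify(url):
    """Return 'known-host', 'same-path' or None for a requested URL."""
    parts = urlsplit(url)
    if (parts.hostname or "") in KNOWN_HOSTS:
        return "known-host"   # any request to a listed host is worth a look
    if parts.path.lower() in LURE_PATHS:
        return "same-path"    # same lure path on a host not listed above
    return None

def scan(log_lines):
    """Return (client, url, verdict) for each matching log line.
    Assumed format: '<timestamp> <client-ip> <method> <url> <status>'."""
    hits = []
    for line in log_lines:
        fields = line.split()
        if len(fields) < 5:
            continue          # skip malformed lines
        verdict = classify(fields[3])
        if verdict:
            hits.append((fields[1], fields[3], verdict))
    return hits

# Constructed sample log lines (documentation address range, not real traffic).
SAMPLE_LOG = [
    f"2014-11-13T13:25:02Z 192.0.2.10 GET {refang(PAGE_INDICATORS[0])} 200",
    f"2014-11-13T15:06:11Z 192.0.2.23 GET {refang(PAGE_INDICATORS[1])}? 200",
    "2014-11-13T15:07:40Z 192.0.2.31 GET http://example.org/bankline/message.php 200",
    "2014-11-13T15:08:00Z 192.0.2.31 GET http://example.org/index.html 200",
]

if __name__ == "__main__":
    for client, url, verdict in scan(SAMPLE_LOG):
        print(client, verdict, url)
```

Clients that show a hit are the ones to check for the downloaded file the lure page offers.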