Fake Securitas, Job offer SPAM ...
FYI...
Fake Securitas SPAM – PDF malware
- http://myonlinesecurity.co.uk/securitas-mail-report-attached-fake-pdf-malware/
30 Oct 2014 - "'From Securitas Mail Out Report Attached' pretending to come from Alert ARC Reports is another one from the current bot runs which try to download various Zbots, cryptolocker, ransomware and loads of other malware on your computer. They are using email addresses and subjects that will entice a user to read the email and open the attachment... The email looks like:
From Securitas, please do not reply to this e-mail as it is auto generated.
For any problems please e-mail derry.andrews@ securitas .uk.com
30 October 2014: Q100982010_Mail Out Report.zip: Extracts to: Q100771292_Mail Out Report.exe
Current Virus total detections: 1/54* . This 'From Securitas Mail Out Report Attached' is another one of the spoofed icon files that unless you have “show known file extensions enabled“, will look like a proper PDF file instead of the .exe file it really is, so making it much more likely for you to accidentally open it and be infected..."
* https://www.virustotal.com/en/file/...435759baa8fd4f926c25bd97/analysis/1414659759/
___
Fake 'Accounts Payable' SPAM - malware .doc attachment
- http://myonlinesecurity.co.uk/reminder-word-doc-malware/
30 Oct 2014 - "An email with a Microsoft word doc attachment saying 'Please see attached statement sent to us' pretending to come from random names with a subject of 'Further Reminder' is another one from the current bot runs which try to download various Zbots, cryptolocker, ransomware and loads of other malware on your computer. They are using email addresses and subjects that will entice a user to read the email and open the attachment... The name of the alleged sender matches the name of the 'Senior Accounts Payable Clerk from the Finance Department' in the body of the email... word macro malware*... The email looks like:
Good afternoon,
Please see attached statement sent to us, I have highlighted on this the payments made to you in full and attached a breakdown of each one for you to correctly allocate. Hope this helps.
Thanking you in advance.
Many Thanks & Kind Regards
Vivian Dennis
Senior Accounts Payable Clerk
Finance Department ..
30 October 2014 : CopyHA779333.doc - Current Virus total detections: 0/53**. Be very careful with email attachments. All of these emails use Social engineering tricks to persuade you to open the attachments that come with the email..."
* http://myonlinesecurity.co.uk/malformed-infected-word-docs-embedded-macro-viruses/
** https://www.virustotal.com/en/file/...cb0be06bdab1a4e52cadb8f5/analysis/1414671500/
- http://blog.dynamoo.com/2014/10/further-reminder-spam-has-malicious.html
30 Oct 2014
... Recommended blocklist:
212.59.117.207: https://www.virustotal.com/en/ip-address/212.59.117.207/information/
217.160.228.222: https://www.virustotal.com/en/ip-address/217.160.228.222/information/
91.222.139.45: https://www.virustotal.com/en/ip-address/91.222.139.45/information/
81.7.3.101: https://www.virustotal.com/en/ip-address/81.7.3.101/information/
195.154.126.245: https://www.virustotal.com/en/ip-address/195.154.126.245/information/
___
Fake Job offer SPAM - malware
- http://myonlinesecurity.co.uk/job-service-new-offer-job-malware/
30 Oct 2014 - "'Job service New offer Job' pretending to come from Job service is another one from the current bot runs which try to download various Zbots, cryptolocker, ransomware and loads of other malware on your computer. They are using email addresses and subjects that will entice a user to read the email and open the attachment...
Screenshot: http://myonlinesecurity.co.uk/wp-content/uploads/2014/10/new-offer-job.png
30 October 2014: job.pdf.zip: Extracts to: job.pdf.exe
Current Virus total detections: 3/53*. same malware as today’s version of my new photo malware**. This is another one of the spoofed icon files that unless you have “show known file extensions enabled“, will look like a proper PDF file instead of the .exe file it really is, so making it much more likely for you to accidentally open it and be infected..."
* https://www.virustotal.com/en/file/...181a50437184482b32075b94/analysis/1414662840/
** http://myonlinesecurity.co.uk/new-photo-malware/
___
Malicious Browser Extensions
- http://blog.trendmicro.com/trendlab...depth-look-into-malicious-browser-extensions/
Oct 29, 2014 - "Malicious browser extensions bring about security risks as these often lead to system infection and unwanted spamming on Facebook. Based on our data, these attacks have notably affected users in Brazil. We have previously reported that cybercriminals are putting malicious browsers in the official Chrome Web store. We also came across malware that -bypasses- a Google security feature checks third party extensions... we performed an in-depth analysis of malicious Chrome browser extension and its evasion tactics, after receiving samples in from Facebook. Facebook’s Security team conducts their own malware research and they regularly collaborate with Trend Micro to keep their service safe... Based on our data starting from May 2014 onwards, Trend Micro HouseCall has helped about 1,000,000 users whose computers have been infected by malicious browser extensions. The top affected countries are mostly located in the Latin American region, such as Brazil, Mexico, Colombia, and Peru.
Top affected countries:
> http://blog.trendmicro.com/trendlabs-security-intelligence/files/2014/10/FB-extension-infection.jpg
... We strongly advise users to avoid clicking links from messages, even if they appear to come from your friends. Users can also opt to use Trend Micro HouseCall* to secure their systems from online threats, including those that may leverage or abuse Facebook. Trend Micro and Facebook are working closely together to combat this threat. Below is the SHA1 hash of the malicious file:
4733c4ea00137497daad6d2eca7aea0aaa990b46 "
* http://housecall.trendmicro.com/
___
Popular Science site compromised
- http://community.websense.com/blogs...ebsite-of-popular-science-is-compromised.aspx
28 Oct 2014 - "... injected with a malicious code that -redirects- users to websites serving exploit code, which subsequently drops malicious files on each victim's computer... injected with a malicious iFrame, which automatically redirects the user to the popular RIG Exploit Kit..."
:fear:
FYI...
Fake Securitas SPAM – PDF malware
- http://myonlinesecurity.co.uk/securitas-mail-report-attached-fake-pdf-malware/
30 Oct 2014 - "'From Securitas Mail Out Report Attached' pretending to come from Alert ARC Reports is another one from the current bot runs which try to download various Zbots, cryptolocker, ransomware and loads of other malware on your computer. They are using email addresses and subjects that will entice a user to read the email and open the attachment... The email looks like:
From Securitas, please do not reply to this e-mail as it is auto generated.
For any problems please e-mail derry.andrews@ securitas .uk.com
30 October 2014: Q100982010_Mail Out Report.zip: Extracts to: Q100771292_Mail Out Report.exe
Current Virus total detections: 1/54* . This 'From Securitas Mail Out Report Attached' is another one of the spoofed icon files that unless you have “show known file extensions enabled“, will look like a proper PDF file instead of the .exe file it really is, so making it much more likely for you to accidentally open it and be infected..."
* https://www.virustotal.com/en/file/...435759baa8fd4f926c25bd97/analysis/1414659759/
___
Fake 'Accounts Payable' SPAM - malware .doc attachment
- http://myonlinesecurity.co.uk/reminder-word-doc-malware/
30 Oct 2014 - "An email with a Microsoft word doc attachment saying 'Please see attached statement sent to us' pretending to come from random names with a subject of 'Further Reminder' is another one from the current bot runs which try to download various Zbots, cryptolocker, ransomware and loads of other malware on your computer. They are using email addresses and subjects that will entice a user to read the email and open the attachment... The name of the alleged sender matches the name of the 'Senior Accounts Payable Clerk from the Finance Department' in the body of the email... word macro malware*... The email looks like:
Good afternoon,
Please see attached statement sent to us, I have highlighted on this the payments made to you in full and attached a breakdown of each one for you to correctly allocate. Hope this helps.
Thanking you in advance.
Many Thanks & Kind Regards
Vivian Dennis
Senior Accounts Payable Clerk
Finance Department ..
30 October 2014 : CopyHA779333.doc - Current Virus total detections: 0/53**. Be very careful with email attachments. All of these emails use Social engineering tricks to persuade you to open the attachments that come with the email..."
* http://myonlinesecurity.co.uk/malformed-infected-word-docs-embedded-macro-viruses/
** https://www.virustotal.com/en/file/...cb0be06bdab1a4e52cadb8f5/analysis/1414671500/
- http://blog.dynamoo.com/2014/10/further-reminder-spam-has-malicious.html
30 Oct 2014
... Recommended blocklist:
212.59.117.207: https://www.virustotal.com/en/ip-address/212.59.117.207/information/
217.160.228.222: https://www.virustotal.com/en/ip-address/217.160.228.222/information/
91.222.139.45: https://www.virustotal.com/en/ip-address/91.222.139.45/information/
81.7.3.101: https://www.virustotal.com/en/ip-address/81.7.3.101/information/
195.154.126.245: https://www.virustotal.com/en/ip-address/195.154.126.245/information/
___
Fake Job offer SPAM - malware
- http://myonlinesecurity.co.uk/job-service-new-offer-job-malware/
30 Oct 2014 - "'Job service New offer Job' pretending to come from Job service is another one from the current bot runs which try to download various Zbots, cryptolocker, ransomware and loads of other malware on your computer. They are using email addresses and subjects that will entice a user to read the email and open the attachment...
Screenshot: http://myonlinesecurity.co.uk/wp-content/uploads/2014/10/new-offer-job.png
30 October 2014: job.pdf.zip: Extracts to: job.pdf.exe
Current Virus total detections: 3/53*. same malware as today’s version of my new photo malware**. This is another one of the spoofed icon files that unless you have “show known file extensions enabled“, will look like a proper PDF file instead of the .exe file it really is, so making it much more likely for you to accidentally open it and be infected..."
* https://www.virustotal.com/en/file/...181a50437184482b32075b94/analysis/1414662840/
** http://myonlinesecurity.co.uk/new-photo-malware/
___
Malicious Browser Extensions
- http://blog.trendmicro.com/trendlab...depth-look-into-malicious-browser-extensions/
Oct 29, 2014 - "Malicious browser extensions bring about security risks as these often lead to system infection and unwanted spamming on Facebook. Based on our data, these attacks have notably affected users in Brazil. We have previously reported that cybercriminals are putting malicious browsers in the official Chrome Web store. We also came across malware that -bypasses- a Google security feature checks third party extensions... we performed an in-depth analysis of malicious Chrome browser extension and its evasion tactics, after receiving samples in from Facebook. Facebook’s Security team conducts their own malware research and they regularly collaborate with Trend Micro to keep their service safe... Based on our data starting from May 2014 onwards, Trend Micro HouseCall has helped about 1,000,000 users whose computers have been infected by malicious browser extensions. The top affected countries are mostly located in the Latin American region, such as Brazil, Mexico, Colombia, and Peru.
Top affected countries:
> http://blog.trendmicro.com/trendlabs-security-intelligence/files/2014/10/FB-extension-infection.jpg
... We strongly advise users to avoid clicking links from messages, even if they appear to come from your friends. Users can also opt to use Trend Micro HouseCall* to secure their systems from online threats, including those that may leverage or abuse Facebook. Trend Micro and Facebook are working closely together to combat this threat. Below is the SHA1 hash of the malicious file:
4733c4ea00137497daad6d2eca7aea0aaa990b46 "
* http://housecall.trendmicro.com/
___
Popular Science site compromised
- http://community.websense.com/blogs...ebsite-of-popular-science-is-compromised.aspx
28 Oct 2014 - "... injected with a malicious code that -redirects- users to websites serving exploit code, which subsequently drops malicious files on each victim's computer... injected with a malicious iFrame, which automatically redirects the user to the popular RIG Exploit Kit..."
:fear:
Last edited:
angerousObject.Multi.Generic, Trojan.MSIL.BVXGen or Win32.Trojan.Inject.Auto. At the time of writing, 4 of the 54 AV engines did detect the trojan at Virus Total*..."