WordPress attacks exploiting XMLRPC
Aug 22, 2014 - "We are experiencing Ongoing WordPress attacks exploiting XMLRPC. There appears to be a massive attack on WordPress sites today. So far I have had almost -1600- blocked attacks against ONE of my WordPress sites... Anybody using WordPress should make sure that they are plugged and use a good security system to prevent or -block- these attacks. It appears to be using the attack mentioned in this post:
... -None- of the current WordPress security plugins will -block- this and you need to make sure that you have a strong random password on your admin account. The -only- way to block them is on the perimeter, that is use a firewall that blocks the offending IP numbers that are responsible for the attacks. They are all coming from other compromised servers or hacked users' computers..."
(More detail at the URLs above.)
Fake ADP 'Anti-Fraud Secure Update' SPAM – PDF malware
22 Aug 2014 - "'ADP: August 22, 2014 Anti-Fraud Secure Update' pretending to come from ADP_Netsecure@ adp .com is another one from the current zbot runs which try to drop cryptolocker, ransomware and loads of other malware on your computer. They are using email addresses and subjects that will entice a user to read the email and open the attachment... Email looks like:
Dear Valued ADP Client,
We are pleased to announce that ADP Payroll System released secure upgrades to your computer.
A new version of secure update is available.
Our development division strongly recommends you to download this software update.
It contains new features:
The certificate will be attached to the computer of the account holder, which disables any fraud activity
Any irregular activity on your account is detected by our safety centre
Download the attachment. Update will be automatically installed by double click.
We value our partnership with you and take pride in the confidence that you place in us to process payroll on your behalf. As always, your ADP Service Team is happy to assist with any questions you may have...
22 August 2014 : 2014 Anti-Fraud Secure Update_08222014.zip (9kb)
Extracts to 2014 Anti-Fraud Secure Update_08222014.exe
Current VirusTotal detections: 3/54*. This 'ADP: August 22, 2014 Anti-Fraud Secure Update' is another one of the spoofed icon files that unless you have "show known file extensions enabled", will look like a proper PDF file instead of the .exe file it really is, so making it much more likely for you to accidentally open it and be infected..."
22 Aug 2014 - "Subjects Seen:
ADP: August 22, 2014 Anti-Fraud Secure Update
Typical e-mail details:
Malicious File Name and MD5:
2014 Anti-Fraud Secure Update_08222014.scr (840B3B6A714F7330706F0C19F99D5EB8)
2014 Anti-Fraud Secure Update_08222014.zip (AB0D93E0952BDCE45D6E6494DF4D94AD)
Tagged: ADP, Upatre
Backoff Point-of-Sale Malware Campaign
August 22, 2014 - "US-CERT is aware of Backoff malware compromising a significant number of -major- enterprise networks as well as small and medium businesses. US-CERT encourages administrators and operators of Point-of-Sale systems to review the Backoff malware alert* to help determine if your network may be affected. Organizations that believe they have been infected with Backoff are also encouraged to contact their local US Secret Service Field Office."
Last revised: Aug 22, 2014 - "... the Secret Service currently estimates that over 1,000 U.S. businesses are affected..."
Backoff malware Q&A
"In light of a recent string of breaches involving a new point-of-sale malware family that our Trustwave researchers identified and named "Backoff," we have received many questions about the threat and how businesses can protect themselves..."
"FlashPack" - add-on targets Japanese users, leads to exploit kit
Added share buttons:
Number of hits by country from August 1 to 17
How can users and site owners prevent these attacks? Site owners should be very cautious about adding add-ons to their site that rely on externally hosted scripts. As shown in this attack, they are trivial to use in malicious activities. In addition, they can slow the site down as well. Alternatives that host the script on the same server as the site itself are preferable. This incident illustrates for end users the importance of keeping-software-patched. The vulnerability we mentioned above has been fixed for half-a-year. Various auto-update mechanisms exist which can keep Flash up-to-date..."
Edited by AplusWebMaster, 22 August 2014 - 08:32 PM.
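The WordPress XMLRPC item above says the only practical block is at the perimeter, by source IP. The following is an added example, not code from this post or from any of the quoted sources: a small Python log-triage script that parses Apache combined-format access-log lines, counts POSTs to /xmlrpc.php per source IP inside a sliding time window, and renders the offenders as firewall rules. The log lines, IP addresses, threshold and window size are constructed for the example, and the function names (`xmlrpc_offenders`, `iptables_drop_rules`) are assumptions of mine, not a WordPress or plugin API.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta, timezone

# Apache "combined" log format:
#   ip ident user [timestamp] "METHOD path proto" status size "referer" "user-agent"
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+)[^"]*" (?P<status>\d{3})'
)

def parse_line(line):
    """Parse one access-log line into a dict, or return None if it does not match."""
    m = LOG_RE.match(line)
    if m is None:
        return None
    return {
        "ip": m.group("ip"),
        "ts": datetime.strptime(m.group("ts"), "%d/%b/%Y:%H:%M:%S %z"),
        "method": m.group("method"),
        "path": m.group("path").split("?", 1)[0],   # drop any query string
        "status": int(m.group("status")),
    }

def xmlrpc_offenders(lines, threshold=20, window=timedelta(minutes=5)):
    """Return {ip: peak_count} for every source IP that POSTed to /xmlrpc.php at
    least `threshold` times inside some `window`-long span (sliding window per IP).
    A slow, legitimate poster never accumulates enough hits in one window to be listed."""
    stamps_by_ip = defaultdict(list)
    for line in lines:
        rec = parse_line(line)
        if rec and rec["method"] == "POST" and rec["path"].endswith("/xmlrpc.php"):
            stamps_by_ip[rec["ip"]].append(rec["ts"])
    offenders = {}
    for ip, stamps in stamps_by_ip.items():
        stamps.sort()
        start, peak = 0, 0
        for end, t in enumerate(stamps):
            while t - stamps[start] > window:   # slide the window's left edge forward
                start += 1
            peak = max(peak, end - start + 1)
        if peak >= threshold:
            offenders[ip] = peak
    return offenders

def iptables_drop_rules(offenders):
    """Render the offender list as iptables DROP rules (one per IP, sorted for stable output)."""
    return [f"iptables -I INPUT -s {ip} -j DROP" for ip in sorted(offenders)]

def _log_line(ip, ts, method="POST", path="/xmlrpc.php"):
    # Constructed sample line; timestamp uses Apache's %d/%b/%Y:%H:%M:%S %z form.
    stamp = ts.strftime("%d/%b/%Y:%H:%M:%S %z")
    return f'{ip} - - [{stamp}] "{method} {path} HTTP/1.1" 200 370 "-" "Mozilla/5.0"'

_BASE = datetime(2014, 8, 22, 10, 15, 0, tzinfo=timezone.utc)
# Constructed sample log (not real traffic): one flooding IP, one slow poster, one normal visitor.
SAMPLE_LINES = (
    [_log_line("203.0.113.7", _BASE + timedelta(seconds=i)) for i in range(30)]   # 30 POSTs in 30 s
    + [_log_line("192.0.2.5", _BASE + timedelta(minutes=i)) for i in range(25)]   # 25 POSTs, one per minute
    + [_log_line("198.51.100.9", _BASE, method="GET", path="/index.php"),
       _log_line("198.51.100.9", _BASE, path="/xmlrpc.php?rsd")]
    + ["this line is not in combined log format"]
)

if __name__ == "__main__":
    found = xmlrpc_offenders(SAMPLE_LINES)
    print(found)
    print("\n".join(iptables_drop_rules(found)))
```

The window matters: with the defaults the flooding address is listed (30 hits in 30 seconds) while the one-request-per-minute address peaks at 6 hits per 5-minute window and is not, which is the difference between a perimeter block list and a rule that also locks out a legitimate remote-publishing client. Feed real lines in with `open(path)` instead of `SAMPLE_LINES`.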
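The fake ADP item above describes the common trick of a ZIP attachment whose member is an .exe or .scr wearing a PDF icon so the extension is hidden. As an added example, not code from this post or from the quoted sources, here is a Python attachment check of the kind a mail gateway or help-desk triage script would run: it flags executable extensions, "document.pdf.exe"-style double extensions, and looks inside a ZIP by member name without extracting anything to disk. The ZIP and its member are built in memory with placeholder bytes (nothing from the real sample); the extension lists and the function names `classify_name` and `scan_attachment` are my own choices.

```python
import io
import os
import zipfile

# Extensions Windows will execute on double-click; ".scr" is the one used in the ADP run above.
EXECUTABLE_EXTS = {".exe", ".scr", ".com", ".pif", ".bat", ".cmd", ".vbs", ".js", ".jar"}
# Extensions a user expects a harmless attachment to have.
DOCUMENT_EXTS = {".pdf", ".doc", ".docx", ".xls", ".xlsx", ".txt"}

def classify_name(name):
    """Return a reason string if `name` is an executable (possibly disguised as a
    document via a double extension), otherwise None."""
    root, ext = os.path.splitext(os.path.basename(name))
    ext = ext.lower()
    if ext not in EXECUTABLE_EXTS:
        return None
    inner = os.path.splitext(root)[1].lower()        # second-to-last extension, if any
    if inner in DOCUMENT_EXTS:
        return f"double extension: looks like {inner} but is {ext}"
    return f"executable attachment ({ext})"

def scan_attachment(filename, data):
    """Scan one attachment. Returns a list of (name, reason) findings; for a .zip the
    member names are inspected from the central directory without writing them out."""
    findings = []
    reason = classify_name(filename)
    if reason:
        findings.append((filename, reason))
    if filename.lower().endswith(".zip"):
        try:
            with zipfile.ZipFile(io.BytesIO(data)) as zf:
                for info in zf.infolist():
                    r = classify_name(info.filename)
                    if r:
                        findings.append((f"{filename}!{info.filename}", r))
        except zipfile.BadZipFile:
            findings.append((filename, "named .zip but not a valid ZIP archive"))
    return findings

def build_sample_zip():
    """Constructed stand-in for the spam attachment: a ZIP holding a .scr member whose
    content is an inert placeholder, not the real file."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("2014 Anti-Fraud Secure Update_08222014.scr", b"placeholder bytes, not malware")
    return buf.getvalue()

if __name__ == "__main__":
    for name, reason in scan_attachment("2014 Anti-Fraud Secure Update_08222014.zip", build_sample_zip()):
        print(f"FLAG {name}: {reason}")
```

Name-based checks are cheap and catch exactly the social-engineering angle the item describes, but they are a first filter, not a verdict: pair them with content inspection (for example, a file whose bytes start with an MZ header regardless of what its name claims) before trusting a "clean" result.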