
SPAM frauds, fakes, and other MALWARE deliveries...


1308 replies to this topic

#1306 AplusWebMaster


Posted 20 October 2014 - 05:38 AM

FYI...

Fake 'unpaid invoice' SPAM - xls malware
- http://myonlinesecur...el-xls-malware/
20 Oct 2014 - "An email pretending to be an unpaid invoice and threatening court action with a subject of 'Acorn Engineering Limited trading' is another one from the current bot runs which try to download various Zbots, cryptolocker, ransomware and loads of other malware on your computer. They are using email addresses and subjects that will entice a user to read the email and open the attachment... The email looks like:
   Acorn-Maintenance-Engineering-logo...
    October 20, 2014
    Head Office
    Acorn Engineering Limited trading
    as Acorn Maintenance
    Acorn House
    20 Wellcroft Road
    Slough
    Berkshire
    SL1 4AQ
    Tel: 01753 386 073
    Fax: 01753 409 672
    Dear ...
    Reference: 48771955-A8
    Court action will be the consequence of your ignoring this letter.
    Despite our telephone calls on October 10 and our letters of September 25, 2014 and October 20, 2014, and your promise to pay, payment of your account has still not been received. If full payment is not received by October 22, 2014 court action will be taken against your company.
    If you allow this to happen you will incur court costs and you may forfeit your company’s credit status because the name of your company will be recorded by the major credit reference agencies. This may deter others from supplying you.
    You are also being charged debt recovery costs and statutory interest of 8% above the reference rate (fixed for the six month period within which date the invoices became overdue) pursuant to the late payment legislation.
    To stop this from happening please pay in full now the overdue invoice which is also attached to this letter.
    Yours truly,
    signature-Mishenko.gif (626×272)
    Nadine Cox,
    Accountant
    Acorn Engineering Limited
    Enclosure (Attachment)


20 October 2014: Copy4313_B0.zip: Extracts to: Invoice_7380901925299.xls.exe
Current Virus total detections: 3/54* . This is another one of the spoofed icon files that unless you have “show known file extensions enabled”, will look like a proper Microsoft Excel xls file instead of the .exe file it really is, so making it much more likely for you to accidentally open it and be infected..."
* https://www.virustot...sis/1413800273/
___

Fake PDF invoice SPAM
- http://www.symantec....more-you-expect
Oct 20, 2014 - "... Over the past week, Symantec has observed a spam campaign involving suspicious emails that masquerade as unpaid invoices. However, these suspicious emails come with a nasty surprise attached in the form of a malicious .pdf file.
Malicious .pdf file attached to suspicious email:
> http://www.symantec....031/Fig1_19.png
While these invoices may appear to be legitimate because the sender’s email address may be associated with a major company, the emails contain spelling errors in the subject line and the body of the email contains just one line of text. Most business emails contain a personal greeting to the recipient and the sender’s signature, but these emails have neither. These signs should serve as warnings to users that the email is not what it claims to be. The attached .pdf file has malicious shellcode hidden inside of it that will be executed when opened with a vulnerable version of Adobe Reader... attackers are trying to exploit the Adobe Acrobat and Reader Unspecified Remote Integer Overflow Vulnerability (CVE-2013-2729) by triggering the vulnerability while parsing the crafted Bitmap encoded image... The embedded shellcode acts as a downloader which downloads a malicious executable file (Infostealer.Dyranges) from a remote location. The downloaded malware attempts to install itself as a service called “google update service”... If successful, the malware is then able to steal confidential information entered into Web browsers by the user. Symantec recommends that users exercise caution when opening emails and attachments from unexpected or unknown senders. We also advise that PDF viewers and security software be kept up-to-date. Symantec detects the malicious .pdf file used in this campaign as Trojan.Pidief*."
* http://www.symantec....1022-99&tabid=2
___

Fake 401k SPAM - PDF malware
- http://myonlinesecur...ke-pdf-malware/
20 Oct 2014 - "An email pretending to come from Carla Rivers < CarlaRivers@ fidelity .com > giving details of the October 2014 401k fund performance results with a subject of '401k June 2014 Fund Performance and Participant Communication' is another one from the current bot runs which try to download various Zbots, cryptolocker, ransomware and loads of other malware on your computer. They are using email addresses and subjects that will entice a user to read the email and open the attachment... The email looks like:
     Co-op 401k Plan Participants –
    Attached you will find the October 2014 401k fund performance results as well as an informational piece regarding online calculators available on the website.
    If you are a facility manager, please forward, print or post a copy of these pages on your bulletin board or in a conspicuous place where your employees can see them.
    Please contact me if you have any questions.
    Carla Rivers
    Employee Benefits/Plan Administrator ..


20 October 2014: October-2014-401k-Fund.zip : Extracts to: October-2014-401k-Fund.scr
Current Virus total detections: 3/53* . This is another one of the spoofed icon files that unless you have “show known file extensions enabled”, will look like a proper PDF file instead of the .exe file it really is, so making it much more likely for you to accidentally open it and be infected..."
* https://www.virustot...sis/1413823356/
... Behavioural information
DNS requests
cyba3 .co.uk (94.136.40.103)
TCP connections
188.165.214.6: https://www.virustot....6/information/
94.136.40.103: https://www.virustot...03/information/
___

Fake 'LogMeIn Security Update' SPAM – PDF malware
- http://myonlinesecur...ke-pdf-malware/
20 Oct 2014 - "An email that says it is an announcement that you need to install a new 'LogMeIn security certificate' which pretends to come from LogMeIn .com < auto-mailer@ logmein .com > with a subject of October 16, 2014 'LogMeIn Security Update' is another one from the current bot runs which try to download various Zbots, cryptolocker, ransomware and loads of other malware on your computer. They are using email addresses and subjects that will entice a user to read the email and open the attachment...

Screenshot: http://myonlinesecur...rity-update.png

20 October 2014: cert_client.zip: Extracts to: cert_1020.scr
Current Virus total detections: 1/52* . This October 16, 2014 'LogMeIn Security Update' is another one of the spoofed icon files that unless you have “show known file extensions enabled”, will look like a legitimate file instead of the .exe file it really is, so making it much more likely for you to accidentally open it and be infected..."
* https://www.virustot...sis/1413811609/
___

Fake 'my new photo ;)' SPAM - trojan variant
- http://blog.mxlab.eu...trojan-variant/
Oct 20, 2014 - "... intercepted a new trojan variant distribution campaign by email with the subject “my new photo ;)”... sent from the spoofed email addresses and has the following short body:

    my new photo ;)

The attached ZIP file has the name photo.zip; once extracted, a folder photo is available that contains the 57 kB large file photo.exe . The trojan is known as a variant of HEUR/QVM03.0.Malware.Gen or Win32:Malware-gen. At the time of writing, 2 of the 53 AV engines did detect the trojan at Virus Total*..."
* https://www.virustot...sis/1413812842/
___

Fake Invoice SPAM – word doc malware
- http://myonlinesecur...rd-doc-malware/
20 Oct 2014 - "An email pretending to come from Adobe with the subject of 'Adobe Invoice' is another one from the current bot runs which try to download various Zbots, cryptolocker, ransomware and loads of other malware on your computer. They are using email addresses and subjects that will entice a user to read the email and open the attachment... This email has an attachment that looks like a proper word.doc but something has disinfected all copies on its travels. All copies that I have received have been -less- than 1kb in size and are empty files with a name only adb-102288-invoice.doc . They are almost certainly supposed to be the typical malformed word docs, that contain a macros script -virus- we have been seeing so much recently that will infect you if you open or even preview them when you have an out of date or vulnerable version of Microsoft word on your computer... The email looks like:
    Adobe® logo     
    Dear Customer,
    Thank you for signing up for Adobe Creative Cloud
    Service.
    Attached is your copy of the invoice.
    Thank you for your purchase.
    Thank you,
    The Adobe Team
    Adobe Creative Cloud Service...


Never just blindly click on the file in your email program. Always save the file to your downloads folder, so you can check it first. Most (if not all) malicious files that are attached to emails will have a faked extension..."

- http://blog.dynamoo....e-spam-adb.html
20 Oct 2014
Screenshot: https://1.bp.blogspo...s1600/adobe.png
> https://www.virustot...sis/1413809174/
... Behavioural information
TCP connections
62.75.182.94: https://www.virustot...94/information/
208.89.214.177: https://www.virustot...77/information/
___

Dropbox phish - hosted on Dropbox
- http://www.symantec....-hosted-dropbox
Updated: 18 Oct 2014 - "... In this scam, messages included links to a -fake- Google Docs login page hosted on Google itself. We continue to see millions of phishing messages every day, and recently we saw a similar scam targeting Dropbox users. The scam uses an email (with the subject "important") claiming that the recipient has been sent a document that is too big to be sent by email, or cannot be sent by email for security reasons. Instead, the email claims, the document can be viewed by clicking on the link included in the message. However, the link opens a -fake- Dropbox login page, hosted on Dropbox itself.
Fake Dropbox login page:
> http://www.symantec....1/Dropbox 1.png
The -fake- login page is hosted on Dropbox's user content domain (like shared photos and other files are) and is served over SSL, making the attack more dangerous and convincing. The page looks like the real Dropbox login page, but with one crucial difference. The scammers are interested in phishing for more than just Dropbox credentials; they have also included logos of popular Web-based email services, suggesting that users can log in using these credentials as well. After clicking "Sign in," the user’s credentials are sent to a PHP script on a compromised Web server. Credentials are also submitted over SSL, which is critical for the attack's effectiveness. Without this, victims would see an unnerving security warning.
Security warning:
> http://www.symantec....1/Dropbox 2.jpg
Upon saving or emailing the user's credentials to the scammer, the PHP script simply -redirects- the user to the real Dropbox login page. Although the page itself is served over SSL, and credentials are sent using the protocol, some resources on the page (such as images or style sheets) are not served over SSL. Using non-SSL resources on a page served over SSL shows warnings in recent versions of some browsers. The prominence of the warning varies from browser to browser; some browsers simply change the padlock symbol shown in the address bar, whereas others include a small banner at the top of the page. Users may not notice or understand these security warnings or the associated implications. Symantec reported this phishing page to Dropbox and they immediately took the page down. Any Dropbox-hosted phishing pages can be reported to the abuse@dropbox.com email address..."
 

:ph34r: :ph34r:  <_<


Edited by AplusWebMaster, 20 October 2014 - 02:42 PM.
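A defender-side triage check for the "spoofed icon" attachments this post keeps describing, added here as an example that is not part of the original post or of any site it quotes: it flags ZIP members whose name ends in an executable extension (especially document.xxx.exe double extensions such as Invoice_7380901925299.xls.exe) and, more robustly, any member whose content starts with the MZ header of a Windows executable whatever it is named. The extension lists and the sample archive are constructed for the example.

```python
import io
import zipfile

# Extensions Windows will execute when double-clicked. The thread's samples use
# .exe and .scr; the rest of the list is an assumption of this example.
EXECUTABLE_EXTENSIONS = {".exe", ".scr", ".pif", ".com", ".bat", ".cmd", ".vbs", ".js"}

# Document/image extensions that the lure borrows for the "spoofed" part of a
# double extension such as Invoice_7380901925299.xls.exe (assumed list).
DOCUMENT_EXTENSIONS = {".pdf", ".xls", ".xlsx", ".doc", ".docx", ".txt", ".jpg", ".png"}


def classify_member_name(name):
    """Reasons, if any, why a ZIP member NAME looks like a spoofed attachment."""
    reasons = []
    base = name.rsplit("/", 1)[-1].lower()      # drop any folder prefix (photo/photo.exe)
    parts = base.split(".")
    if len(parts) < 2:
        return reasons                          # no extension at all
    final_ext = "." + parts[-1]
    if final_ext in EXECUTABLE_EXTENSIONS:
        reasons.append("executable extension %s" % final_ext)
        # A document extension sitting right before the real one is the classic
        # trick that "show known file extensions" exposes.
        if len(parts) >= 3 and "." + parts[-2] in DOCUMENT_EXTENSIONS:
            reasons.append("double extension mimics %s" % ("." + parts[-2]))
    return reasons


def classify_member_content(head):
    """Reasons based on the first bytes of the member, independent of its name."""
    # Every Windows PE file (exe, scr, dll) starts with the 'MZ' DOS header, so a
    # renamed executable (statement.pdf) is still caught here.
    if head[:2] == b"MZ":
        return ["content is a Windows executable (MZ header)"]
    return []


def triage_zip(zip_bytes):
    """Map each suspicious member of the archive to the list of reasons found."""
    findings = {}
    with zipfile.ZipFile(io.BytesIO(zip_bytes)) as zf:
        for info in zf.infolist():
            if info.is_dir():
                continue
            reasons = classify_member_name(info.filename)
            with zf.open(info) as member:
                reasons += classify_member_content(member.read(2))
            if reasons:
                findings[info.filename] = reasons
    return findings


def build_sample_zip():
    """Constructed archive mirroring the lure names quoted above (no real malware)."""
    fake_pe = b"MZ" + b"\x00" * 62               # just the DOS signature plus padding
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("Invoice_7380901925299.xls.exe", fake_pe)   # xls-looking .exe
        zf.writestr("October-2014-401k-Fund.scr", fake_pe)      # .scr shown with a PDF icon
        zf.writestr("photo/photo.exe", fake_pe)                 # "my new photo ;)" lure
        zf.writestr("statement.pdf", fake_pe)                   # PE renamed as a PDF
        zf.writestr("readme.txt", b"plain text, nothing to flag")
    return buf.getvalue()


if __name__ == "__main__":
    for member_name, why in sorted(triage_zip(build_sample_zip()).items()):
        print(member_name, "->", "; ".join(why))
```

The name check alone would miss statement.pdf; the MZ check alone would miss a script (.vbs/.js) lure, which is why both run on every member.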



#1307 AplusWebMaster


Posted 21 October 2014 - 06:04 AM

FYI...

Fake Invoice SPAM - Word doc malware
- http://myonlinesecur...rd-doc-malware/
21 Oct 2014 - "An email pretending to come from 'Humber Merchants Group' ps [random number]@humbermerchants .co.uk with a word document attachment and the subject of 'Industrial Invoices' is another one from the current bot runs which try to download various Zbots, cryptolocker, ransomware and loads of other malware on your computer. They are using email addresses and subjects that will entice a user to read the email and open the attachment... The email looks like:
    Attached are accounting documents from Humber Merchants
    Humber Merchants Group
    Head Office:
    Parkinson Avenue
    Scunthorpe
    North Lincolnshire
    DN15 7JX
    Tel: 01724 860331
    Fax: 01724 281326 ...


21 October 2014: 15040BII3646501.doc - Current Virus total detections: 0/52* . This is another one of the spoofed icon files that unless you have “show known file extensions enabled”, will look like a proper PDF file instead of the .exe file it really is, so making it much more likely for you to accidentally open it and be infected..."
* https://www.virustot...sis/1413890645/
___

Fake Adobe Invoice Spam
- http://threattrack.t...be-invoice-spam
Oct 21, 2014 - "Subjects Seen:
    Adobe Invoice
Typical e-mail details:
    Dear Customer,
    Thank you for signing up for Adobe Creative Cloud Service.
    Attached is your copy of the invoice.
    Thank you for your purchase.
    Thank you,
    The Adobe Team
    Adobe Creative Cloud Service


Screenshot: https://gs1.wac.edge...AetU1r6pupn.png

Malicious File Name and MD5:
    invoice.zip (CABA79FCEB5C9FEF222C89C423AA2485)
    invoice.exe (29684FBB98C1883A7A08977CB23E90B6)


Tagged: Adobe, Wauchos
___

Fake Invoice SPAM - malware
- http://myonlinesecur...nvoice-malware/
21 Oct 2014 - "An email pretending to come from cato-chem .com < sales@ cato-chem .com > with a fake invoice has a subject of 'Please find attached PI copies of Invoice' is another one from the current bot runs which try to download various Zbots, cryptolocker, ransomware and loads of other malware on your computer. They are using email addresses and subjects that will entice a user to read the email and open the attachment...

Screenshot: http://myonlinesecur...ake-invoice.png

21 October 2014: proforma invoice.zip: Extracts to proforma invoice.exe
Current Virus total detections: 17/54*. This 'Please find attached PI copies of Invoice' is another one of the spoofed icon files that unless you have “show known file extensions enabled”, will look like a file with a barcode as the icon instead of the .exe file it really is, so making it much more likely for you to accidentally open it and be infected..."
* https://www.virustot...sis/1413858604/
___

ThetaRay turns to maths to detect cyber threats
- http://www.reuters.c...N0IA1JV20141021
Oct 21, 2014 - "As businesses face a growing threat of cyber attacks, Israeli start-up ThetaRay is betting on maths to provide early detection, enabling the shutdown of systems before damage can be done. The year-old company's first investor was venture capital firm Jerusalem Venture Partners. It is now also backed by heavyweights like General Electric, which uses ThetaRay to protect critical infrastructure such as power plants, and Israel's biggest bank, Hapoalim, which deployed the technology to detect bank account anomalies... Cyber security providers are moving away from protecting gateways with defenses such as firewalls to focus on detecting and preventing attacks before they penetrate organizations... Security experts estimate it can take more than -200- days to identify a cyber attack once it's been launched... Once a threat has been detected, ThetaRay leaves it up to humans to decide whether or not to shut down the system..."
___

U.S. national security prosecutors shift focus from spies to cyber
- http://www.reuters.c...N0IA0BM20141021
Oct 21, 2014 - "The U.S. Justice Department is restructuring its national security prosecution team to deal with cyber attacks and the threat of sensitive technology ending up in the wrong hands, as American business and government agencies face more intrusions. The revamp, led by Assistant Attorney General John Carlin, also marks a recognition that national security threats have broadened and become more technologically savvy since the 9/11 attacks against the United States... The agency is also renaming its counter-espionage section to reflect its expanding work on cases involving violations of export control laws... Such laws prohibit the export without appropriate licenses of products or machinery that could be used in weapons or other defense programs, or goods or services to countries sanctioned by the U.S. government... The result, according to experts, could be an uptick in the number of national security-related cases brought in federal court, a shift in focus from the National Security Division's prior mandate to investigate for intelligence-gathering purposes, and only prosecute a subset of cases... The counter-espionage section, which deals less with on-the-ground spies than it used to, will now be called the Counter Intelligence and Export Controls Section. A network of terrorism prosecutors around the country called the Anti-Terrorism Advisory Council, or ATAC, will also be renamed the National Security/ATAC network to make clear its broader responsibilities..."
 

:ph34r: :ph34r:  <_<


Edited by AplusWebMaster, 21 October 2014 - 11:43 AM.


#1308 AplusWebMaster


Posted Yesterday, 07:12 AM

FYI...

Fake Debt Recovery SPAM - PDF malware
- http://myonlinesecur...ke-pdf-malware/
22 Oct 2014 - "An email coming from random senders pretending to be B&D Digital Supplies or B&D Computers which is all about debt recovery and threatening legal action with a subject of 'Commercial Debt Recovery', Ref No: [random numbers] is another one from the current bot runs which try to download various Zbots, cryptolocker, ransomware and loads of other malware on your computer... The email looks like:

Screenshot: http://myonlinesecur...bt-recovery.png

Be very careful with email attachments. All of these emails use Social engineering tricks to persuade you to open the attachments that come with the email... it appears to come from a friend or is more targeted at somebody who regularly is likely to receive PDF attachments or Word .doc attachments or any other common file that you use every day. The basic rule is NEVER open any attachment to an email, unless you are expecting it..."
___

Fake customer service SPAM - doc malware
- http://myonlinesecur...rd-doc-malware/
22 Oct 2014 - "an email pretending to have a word document invoice attachment with a subject of Reference: [random characters] coming from [random name] 'customer service' at an unspecified company is another one from the current bot runs which try to download various Zbots, cryptolocker, ransomware and loads of other malware on your computer... The email looks like:

    This email contains an invoice file attachment ID:VZY563200VA
    Thanks!
    Kelli Horn .


22 October 2014: ENC094126XJ.doc - Current Virus total detections: 0/54* . Be very careful with email attachments. All of these emails use Social engineering tricks to persuade you to open the attachments that come with the email... The basic rule is NEVER open any attachment to an email, unless you are expecting it... Never just blindly click on the file in your email program..."
* https://www.virustot...sis/1413973355/
___

Fake Malformed or infected word docs with embedded macro viruses
- http://myonlinesecur...-macro-viruses/
22 Oct 2014 - "We are seeing loads of emails with malformed or infected word docs with embedded macro viruses: they are what appears to be a genuine word doc attached which is malformed and contains a macro or vba script virus. Modern versions of Microsoft office, that is Office 2010 and 2013 and Office 365, have Macros disabled by default, UNLESS you or your company have enabled them. Opening this malicious word document will infect you if Macros are enabled, and simply previewing it in windows explorer or your email client might well be enough to infect you... Do -not- open word docs received in an email without scanning them with your antivirus first and be aware that there are a lot of dodgy word docs spreading that WILL infect you with no action from you if you are still using an outdated or vulnerable version of word. This is a good reason to update your office programs to a recent version and stop using office 2003 and 2007. The risks in using older versions are starting to outweigh the convenience, benefits and cost of keeping an old version going... All modern versions of word and other office programs, that is 2010, 2013 and 365, should open word docs, excel files and PowerPoint etc that are downloaded from the web or received in an email automatically in “protected view”, which stops any embedded malware or macros from being displayed and running. Make sure protected view is set in all office programs to protect you and your company from these sorts of attacks..."

 

- http://blog.dynamoo....voice-file.html
22 Oct 2014
Screenshot: https://3.bp.blogspo...1600/image1.gif
VT1: https://www.virustot...sis/1413981604/
... Behavioural information
DNS requests
VBOXSVR.ovh.net: 213.186.33.6: https://www.virustot....6/information/
TCP connections
178.250.243.114: https://www.virustot...14/information/
91.240.238.51: https://www.virustot...51/information/
VT2: https://www.virustot...sis/1413982865/
___

Fake Wells Fargo SPAM – PDF malware
- http://myonlinesecur...ke-pdf-malware/
22 Oct 2014 - "An email pretending to come from Wells Fargo with a subject of 'You have a new Secure Message' is another one from the current bot runs which try to download various Zbots, cryptolocker, ransomware and loads of other malware on your computer. They are using email addresses and subjects that will entice a user to read the email and open the attachment... The email looks like:
  You have received a secure message
     Read your secure message by download AccountDocuments-10345.zip. You will be prompted to open (view) the file or save (download) it to your computer. For best results, save the file first, then open it.
     In order to view the secure message please download it using our Cloud Hosting...


22 October 2014: document_013982_pdf.zip: Extracts to: document_013982_pdf.exe
Current Virus total detections: 5/54* . This is another one of the spoofed icon files that unless you have “show known file extensions enabled”, will look like a proper PDF file instead of the .exe file it really is, so making it much more likely for you to accidentally open it and be infected..."
* https://www.virustot...sis/1413986180/
... Behavioural information
TCP connections
188.165.214.6: https://www.virustot....6/information/
82.98.161.71: https://www.virustot...71/information/
188.165.237.144: https://www.virustot...44/information/
80.157.151.17: https://www.virustot...17/information/
UDP communications
173.194.71.127: https://www.virustot...27/information/
___

Flash Player exploit in-the-wild - CVE-2014-0569
- https://blog.malware...-vulnerability/
Oct 22, 2014 - "... less than a week ago, a critical flaw in the Flash Player (CVE-2014-0569*) was patched and made public:
* https://helpx.adobe..../apsb14-22.html
The vulnerability had been privately reported to Adobe through the Zero Day Initiative group giving the firm the time to fix the issue before it became known to the world. Typically security researchers and criminals will be very attentive to such news and skilled reverse engineers will start looking at the patch to be able to reconstruct the exploit. All things considered, there is normally a certain amount of time before a proof of concept is released and then a little more time before that poc is weaponized by the bad guys... Kafeinee**...  stumbled upon that same CVE in a real world exploit kit (Fiesta EK) only one -week- after the official security bulletin had been published... That means we have less and less time to deploy and test security patches. Perhaps this is not too much of a deal for individuals, but it can be more difficult for businesses which need to roll out patches on dozens of machines, hoping doing so will not cause malfunctions in existing applications. In any case, this was our first chance to test CVE-2014-0569 in the wild by triggering the Fiesta EK against Malwarebytes Anti-Exploit:
> https://blog.malware...E-2014-0569.png
It is crucial to patch any system running outdated Flash Player versions as soon as possible! You can check the version you are running (make sure to do this in all the browsers you use) by going here:
>> http://www.adobe.com...re/flash/about/
The bad guys are not going to run short of vulnerabilities they can weaponize at a quicker rate than ever before. This leaves end-users with very little room for mistakes such as failing to diligently apply security patches -sooner- rather than later..."
** http://malware.dontn...-2014-0569.html

> https://blog.malware.../tag/fiesta-ek/
 

:ph34r:  <_<


Edited by AplusWebMaster, Yesterday, 03:45 PM.


#1309 AplusWebMaster


Posted Today, 06:43 AM

FYI...

Fake 'Order Confirmation' SPAM
- http://blog.dynamoo....ernational.html
23 Oct 2014 - "This fake Order Confirmation spam pretends to come from supertouch.com / Allied International Trading Limited but doesn't. The email is a -forgery- originating from an organised crime ring, it does not originate from supertouch .com / Allied International Trading Limited nor have their systems been compromised in any way.
    From:     Elouise Massey [Elouise.Massey@ supertouch .com]
    Date:     23 October 2014 10:52
    Subject:     Order Confirmation
    Hello,
    Thank you for your order, please check and confirm.
    Kind Regards
    Elouise
    Allied International Trading Limited ...


In the sample I received, the attachment was -corrupt- but should have been a malicious Word document S-CON-A248-194387.doc. The document and payload are exactly the same as the one being sent out today with this spam run[1] (read that post for more details) and is very poorly detected, although blocking access to the following IPs and domains might help mitigate against it:
87.106.84.226
84.40.9.34
jvsfiles .com
"

[1] http://blog.dynamoo....ants-group.html

62.75.182.94: https://www.virustot...94/information/
___

Fake 'bank detail' SPAM - trojan
- http://blog.mxlab.eu...ontains-trojan/
Oct 23, 2014 - "... intercepted a new trojan distribution campaign by email with the subject “New bank details”. This email is sent from the spoofed address “"Bitstamp .net" <no_reply@bitstamp.net>”, while the real SMTP sender is AmericanExpress@ welcome .aexp .com, and has the following body:
    New banking details
    Dear Bitstamp clients,
    We would like to inform you that Bitstamp now has new bank details, please check attached file.
    We would like to assure those of you who sent deposits to our old details that our old IBAN is still active and your transfers, if otherwise sent with correct information, should arrive without a problem.
    Please note that SEPA transfers usually take 1 to 3 business days to arrive and would kindly ask those waiting for your SEPA transfers longer than usually to please send us a transfer confirmation so that we can examine our bank account log and locate your transfers.
    Also for those waiting on deposits we ask for your patience; we have accumulated a long list of transfers which lack information or contain wrong information which means we need to manually go through all of them instead of our system sorting them automatically.
    Best regards
    CEO, Nejc Kodrič
    Bitstamp LIMITED


The attached ZIP file has the name bank details.zip and contains the 24 kB large file bank details.scr. The trojan is known as Troj.W32.Gen, a variant of Win32/Kryptik.COEK, HEUR/QVM20.1.Malware.Gen or Mal/Generic-S. At the time of writing, 4 of the 53 AV engines did detect the trojan at Virus Total*. Now, MX Lab has also intercepted some emails -without- the malicious attachment but be aware that this email is a risk..."
* https://www.virustot...sis/1414073432/
... Behavioural information
DNS requests
VBOXSVR. ovh .net: 213.186.33.6: https://www.virustot....6/information/
___

Two exploit kits prey on Flash Player flaw patched only last week
- http://net-security....ews.php?id=2892
23.10.2014 - "Two exploit kits prey on Flash Player flaw patched only last week... The integer overflow vulnerability in question (CVE-2014-0569*) can allow attackers to execute arbitrary code via unspecified vectors, and is deemed critical (high impact, easily exploitable)... the time period was very short, and technical information about the vulnerability and exploit code hasn't yet been shared online... The exploit kits are used to deliver the usual assortment of malware, and some of the variants have an extremely low detection rate... If you use Adobe Flash Player, and you haven't implemented the latest patches, now would be a good time to rectify that mistake."
* https://web.nvd.nist...d=CVE-2014-0569 - 10.0

- http://www.securityt....com/id/1031019
CVE Reference: CVE-2014-0558, CVE-2014-0564, CVE-2014-0569
Oct 14 2014
Impact: Execution of arbitrary code via network, User access via network
Fix Available: Yes Vendor Confirmed: Yes
Solution: The vendor has issued a fix (13.0.0.250 extended support release, 15.0.0.189 for Windows/Mac, 11.2.202.411 for Linux)...
Flash 15.0.0.189 released: https://helpx.adobe..../apsb14-22.html
Oct 14, 2014

For I/E: http://download.macr...15_active_x.exe

 

For Firefox (Plugin-based browsers): http://download.macr...r_15_plugin.exe

Flash test site: http://www.adobe.com...re/flash/about/
 

:ph34r:  <_<


Edited by AplusWebMaster, Today, 12:13 PM.
