SPAM frauds, fakes, and other MALWARE deliveries...


2072 replies to this topic

#376 AplusWebMaster

  • Authentic Member
  • 10,472 posts
  • Interests:... The never-ending battle for Truth, Justice, and the American way.

Posted 26 October 2010 - 10:25 AM

FYI...

Fraud Advisory for Consumers... Involvement in Criminal Activity Through Work from Home Scams
- http://www.us-cert.g...sumers_released
October 25, 2010 - "As part of a joint effort, the United States Secret Service, the Federal Bureau of Investigation, the Internet Crime Complaint Center (IC3) and the Financial Services Information Sharing and Analysis Center (FS-ISAC) have released Fraud Advisory for Consumers: Involvement in Criminal Activity through Work from Home Scams (PDF)*. The document explains that criminal syndicates are using newspaper ads, online employment services, and unsolicited emails to recruit consumers to launder stolen money. Individuals who are knowing or unknowing participants in this type of scheme could be prosecuted and may have their own identities or bank accounts stolen..."
* http://www.ic3.gov/m.../WorkAtHome.pdf

Fraud Advisory for Businesses... Corporate Account Take Over
- http://www.us-cert.g...nesses_released
October 25, 2010 - "As part of a joint effort, the United States Secret Service, the Federal Bureau of Investigation, the Internet Crime Complaint Center (IC3) and the Financial Services Information Sharing and Analysis Center (FS-ISAC) have released Fraud Advisory for Businesses: Corporate Account Take Over (PDF)**. The document explains that cyber criminals are targeting small- and medium- sized businesses and using methods such as malicious code, phishing, and social engineering attacks to compromise business banking accounts. Once these accounts have been compromised, cyber criminals can fraudulently transfer funds out of them and can cause significant business disruption and substantial monetary loss..."
** http://www.ic3.gov/m...untTakeOver.pdf

:ph34r: :ph34r:

.The machine has no brain.
 ......... Use your own.
Browser check for updates here.
YOU need to defend against -all- vulnerabilities.
Hacks only need to find -1- to get in...
.



#377 AplusWebMaster


Posted 27 October 2010 - 08:36 PM

FYI...

Koobface for Mac OS X targets Java
- http://krebsonsecuri...va-on-mac-os-x/
October 27, 2010 - "A new version of the infamous Koobface worm designed to attack Mac OS X computers is spreading through Facebook and other social networking sites... Intego says this Mac OS X version of the Koobface worm is being served as part of a multi-platform attack that uses a malicious Java applet to attack users. According to Intego*, the applet includes a prompt to install the malicious software... Last week, Apple shipped a new version of Java** for OS X that fixes at least four security holes in the program. Updates are available through Apple Software Update or Apple Downloads..."
* http://blog.intego.c...itter-and-more/

** http://forums.whatth...=...st&p=689878

- http://www.symantec....tiple-platforms
Oct. 28, 2010

:ph34r: <_<

Edited by AplusWebMaster, 28 October 2010 - 10:23 AM.



#378 AplusWebMaster


Posted 29 October 2010 - 06:19 AM

FYI...

SPAM still prolific ...

All Tricks & No Treat for Anti-Spam Engines
- http://community.web...am-engines.aspx
29 Oct 2010 - "... always be cautious in opening emails from unknown users."

“Pump & Dump” Spam turns to Indian Stocks
- http://www.symantec....s-indian-stocks
Oct. 28, 2010

Dating and Malware Spam dominates the Top Spam Subject Lines
- http://www.symantec....m-subject-lines
Oct. 28, 2010

... MORE examples of spam subject lines:
Subject: DIWALI OFFER FROM <removed> UK.
Subject: Celebrate this Diwali with <removed> T-Shirts - Redeem voucher included
Subject: <removed>: Diwali offer
- http://www.symantec....-light-festival
Oct. 28, 2010

- http://www.darkreadi...cleID=227900050
Oct. 15, 2010 - "... The Zeus-laden attack poses as an alert from the government's electronic tax payment system, telling recipients that their payment was rejected and sending them to a link that both infects them and redirects them to the legitimate electronic federal tax payment system website... high volumes of spam emails with subject lines such as, "LAST NOTICE: Your Federal Tax Payment has been rejected in the system"... the attack came from domains registered in Russia and was staged in two waves... While it's a typical wide-net spam run, the attackers appear to be targeting mostly small to midsize businesses that electronically file their quarterly taxes, he says. The attack drops either a Java v18 exploit or an Adobe PDF one, he says, depending on which one the victim's machine is vulnerable to. "It evaluates your OS and determines the best attack, and then redirects you to a page that delivers the payload exploit," he says. It then downloads a keylogger and the Zbot malware to the victim machine. The keylogger grabs any information the victim types into the real tax website, and the Zbot malware makes the machine turn around and spam other potential victims in the same attack."
- http://www.securityw...ive-zeus-attack

:ph34r: <_<

Edited by AplusWebMaster, 06 November 2010 - 10:54 AM.



#379 AplusWebMaster


Posted 05 November 2010 - 01:04 PM

FYI...

Don’t click that “pic.exe” file
- http://labs.m86secur...t-pic-exe-file/
November 3, 2010 - "Nowadays, spammers usually craft elaborate and enticing scams to lure a lot of people into taking action. However, a spam campaign we observed recently is one of the cruder forms of social engineering. Attached to the spam message is simply an executable file named “pic.exe” that claims to be naked pictures. This spam has been circulating with the subject line, “hi my love“... spammers probably don’t care if a spam campaign is unsophisticated. They can send millions of messages, and a few people will inevitably get sucked in anyway. Secondly, these days getting infected usually means multiple pieces of malware doing different things on your computer. Some malware may be obvious like Fake AV, but most will be hidden."

:ph34r: <_<



#380 AplusWebMaster


Posted 08 November 2010 - 11:26 AM

FYI...

- http://tools.cisco.c...Outbreak.x?i=77
Threat Outbreak Alert: Fake Attached Resume E-mail Messages...
November 08, 2010
Threat Outbreak Alert: Fake Unicaja Bank Security Update E-mail Messages...
November 08, 2010
Threat Outbreak Alert: Fake Security Update For Microsoft Windows E-mail Messages...
November 08, 2010
Threat Outbreak Alert: Fake Self-View Video Link E-mail Messages...
November 08, 2010
Threat Outbreak Alert: Fake Scanned Document E-mail Messages...
November 08, 2010
Threat Outbreak Alert: Fake Chat Invitation E-mail Messages...
November 08, 2010

- http://blogs.cisco.c...er-frenetic-it/
November 8, 2010 - "When you access your email each day, do you do so at a distance of 15 paces because you’re just not sure what might jump out of that inbox? You can just about anticipate an email detailing how another user has caused a “blip” that will stretch your capabilities to protect both the user during their online engagements and the assets of the company..."

- http://www.ironport.com/toc/
Virus Outbreak In Progress - (Last Updated: November 10, 2010)
- http://tools.cisco.c...Outbreak.x?i=77

:ph34r: :ph34r:

Edited by AplusWebMaster, 10 November 2010 - 12:29 PM.



#381 AplusWebMaster


Posted 11 November 2010 - 10:48 AM

FYI...

Facebook app links to malware...
- http://www.trustedso...inks-to-Malware
November 11, 2010 - "... a malicious Java applet was being linked through a Facebook application. Users don’t have to install the Facebook app on their profiles to be exposed to this threat. On browsing to a specific Facebook application page displayed in an Eastern European language, the page connects to a malicious site that hosts a signed Java applet that claims to be “Sun_Microsystems_Java_Security_Update_6" and is published by “Sun Java MicroSystems”... The only indication of suspicious activity is the fact that the digital signature cannot be verified by a trusted source. The warning also requests permission from the user to run the applet... In this case, when the user clicks Run, the Java applet downloads an arbitrary executable from a URL passed as a parameter on the website... The downloaded trojan payload is a password stealer which search for passwords stored on the user’s machine..."

> http://forums.whatth...=...st&p=694002

:ph34r: <_<

Edited by AplusWebMaster, 11 November 2010 - 10:54 AM.



#382 AplusWebMaster


Posted 12 November 2010 - 10:25 AM

FYI...

(More) Fake e-mail SPAM messages...

- http://tools.cisco.c...Outbreak.x?i=77
Fake Hotmail Account Deactivation E-mail Msgs... November 12, 2010
Fake Scanned Document E-mail Msgs... November 12, 2010
Fake DHL Shipment E-mail Msgs... November 12, 2010

- http://www.ironport.com/toc/
Virus Outbreak In Progress - (Last Updated: November 12, 2010)

- http://blog.trendmic...am-on-the-rise/
Nov. 15, 2010

:ph34r: <_<

Edited by AplusWebMaster, 16 November 2010 - 06:23 AM.



#383 AplusWebMaster


Posted 16 November 2010 - 04:31 AM

FYI...

Worms in IM chats...
- http://www.theinquir...messenger-links
Nov 15 2010 - "... Microsoft has shut down links to some websites in the 2009 builds of Windows Live Messenger. According to the Vole's blog*, disabling the feature was designed to prevent the spread of a malicious worm. The worm requires users to click a link within a message, upon which it will load a webpage that downloads the worm to your PC and then it sends the same message to people in your contact list. It only affected those who had not upgraded to the newest version of Messenger that uses Microsoft's Smartscreen, which shows up when you click on any link shared via Messenger. A spokesperson said that the malicious worm was trying to spread itself through many of the world's largest instant messaging and social networks, including Windows Live Messenger 2009. The worm spreads by inserting a link into an IM conversation with a person whose computer is already infected. Normally, when Messenger sees a web address in a conversation it is turned into a hyperlink which, when clicked, automatically opens in a web browser. This feature made it a doddle for the worm to be unknowingly installed on your computer by clicking on the link and being sent to a website containing the malicious software. Some customers might also see a notification in the main Messenger window warning them that some features might not be available, the spokesperson said."
* http://windowsteambl...cious-worm.aspx

:ph34r: :ph34r:



#384 AplusWebMaster


Posted 17 November 2010 - 08:45 PM

FYI...

Asprox spamming more Sasfis
- http://labs.m86secur...ng-more-sasfis/
November 17, 2010 - "Ever since the recent take down attempts of the Pushdo and Bredolab botnets, the volume of malicious spam has dropped substantially. But there is still one major player spamming out malicious executables, namely the Asprox spambot. Malicious spam campaigns purporting to be from DHL, Fedex, UPS or USPS have been spammed by the Asprox botnet ever since it resurrected in the mid 2010. These messages contain zip file attachments containing executable files which are almost exclusively the Trojan Sasfis, a downloader bot... The extracted Sasfis executable file usually has a Microsoft Excel icon. The payload varies depending on the task sent by the control server. Recently, we have seen it download Fake AV installers... Currently, the Sasfis trojan is requesting commands from the domain name showtimeru .ru... In our previous blogs* about Asprox, we highlighted three of the domains that the bot connects to. In the newer samples however, Asprox is connecting to the inglo-kotor .ru domain name. Interestingly, the previous and the newer domains points to the same server in Sweden**... In summary, it is the same old well-worn theme that Asprox has been using for six months. Don’t get too excited if you see this in your inbox, especially if you are an avid online buyer expecting a package."
* http://labs.m86secur...ection-attacks/

(Screenshots available at both m86 URLs above.)

** http://labs.m86secur...1/IP-sweden.png

:ph34r: <_<



#385 AplusWebMaster


Posted 20 November 2010 - 06:51 AM

FYI...

New Asprox Facebook SPAM campaign
- http://labs.m86secur...-spam-campaign/
November 19, 2010 - "... new Asprox template purporting to be an email from Facebook support. This spam campaign claims the user’s Facebook password has been changed or access to their account has been blocked... As before, the attachment is the Sasfis trojan, the same breed of downloader Trojan we discussed yesterday. This sample however connects to a different domain; pupmypzed .ru... Just this week, there was outrage when many Facebook users, many of whom were female, found their accounts disabled following an automated Facebook system ‘cleanup’ of dubious accounts. Spammers may have taken advantage of this publicity..."
(Screenshots available at the m86 URL above.)

:ph34r: <_<



#386 AplusWebMaster


Posted 22 November 2010 - 07:16 AM

FYI...

- http://labs.m86secur...rvice-or-is-it/
December 6, 2010 - "... Users should carefully check the links coming from emails, Facebook or any other social network, when the sender is unknown and the link is shortened, because there is no guarantee the URL is safe ..."

Facebook SCAMS multiply...
- http://nakedsecurity...-facebook-scam/
November 21, 2010 - "... Surveys like this generate revenue for the scammers who are behind the application - they earn commission for every survey that is completed. In the background meanwhile, the rogue application has abused your social networking account spreading the spam virally via your wall to your Facebook friends and family... scams like this will continue for as long as users continue to fall for silly tricks like this, and the scammers continue to find it financially rewarding. If you've been hit by a scam like this, remove references to it from your newsfeed, and revoke the right of rogue applications to access your profile via Account/ Privacy Settings/ Applications and Websites. Don't forget - if you know young people who use Facebook, you should warn them about scams like this and teach them not to trust every link that is placed in front of them..."

- http://nakedsecurity...ok-survey-scam/

- http://nakedsecurity...-facebook-scam/

- http://nakedsecurity...k-profile-care/

- http://nakedsecurity...ok-survey-scam/
___

20 percent of Facebook users exposed to malware
- http://news.cnet.com...0023626-36.html
November 22, 2010

Security apps for Facebook ...
- http://www.facebook....r.safego?v=info
BitDefender safego
- http://www.facebook....id=177000755670
Defensio - Websense

- http://www.theregist...malware_survey/
24 November 2010 - "... one in five items on the news feeds of Facebook users lead to malicious content. More than three in five (60 per cent) of these attacks come from notifications generated by malicious third-party applications on Facebook's developer platform - BitDefender's stats comes from users of safego... similar to figures from users of BitDefender's tool... Websense's Defensio tool... about 10 per cent are spam or malicious..."
___

Facebook accounts disabled
- http://sophosnews.fi...trend.jpg?w=640

- http://nakedsecurity...ounts-disabled/
November 16, 2010

:ph34r: <_<

Edited by AplusWebMaster, 06 December 2010 - 12:03 PM.



#387 AplusWebMaster


Posted 24 November 2010 - 08:23 PM

FYI...

Holiday shopping advisories ...

- http://news.cnet.com...023728-245.html
November 24, 2010

- http://blog.trendmic...soned-searches/
Nov. 23, 2010

- http://www.ic3.gov/m...010/101118.aspx
November 18, 2010

- http://www.f-secure....e-shopping.html

- http://www.bbb.org/u...ng-online-23416
11.15.2010

- http://newsroom.mcaf...article_id=3707
11.15.2010

:ph34r: :ph34r:

Edited by AplusWebMaster, 29 November 2010 - 07:31 AM.



#388 AplusWebMaster


Posted 30 November 2010 - 12:51 PM

FYI...

Ecard SPAM malware - from "banks" ...
- http://techblog.avir...-from-banks/en/
November 30, 2010 - "Our spamtraps started to get flooded with a new type of spam which is spreading a malicious file. The authors somehow couldn’t decide how to make the scam more credible, so they mixed up whatever they could find. The email pretends to be an electronic card coming from a “Europe Bank” but in the body the German bank “Bankpost” (which doesn’t exist, but should remind the recipient of Postbank obviously) is mentioned... The file referenced is called “card.exe” and contains the Trojan detected by our products TR/Drop.Agent.ctj.
With Christmas coming soon, we expect more and more of such scams pretending to be ecards from known persons, financial institutions and companies. Never click on the links contained, never execute the files attached in the email..."

:ph34r: <_<



#389 AplusWebMaster


Posted 06 December 2010 - 12:15 PM

FYI...

Fake viral SPAM messages ...
- http://tools.cisco.c...Outbreak.x?i=77
Fake System Performance Software E-mail Messages...
December 06, 2010
Fake Secure Banking Application E-mail Messages...
December 06, 2010
Rapidshare Link E-mail Messages...
Updated! December 06, 2010

- http://www.ironport.com/toc/
Virus Outbreak In Progress

- http://labs.m86secur...rvice-or-is-it/
December 6, 2010 - "... Users should carefully check the links coming from emails, Facebook or any other social network, when the sender is unknown and the link is shortened, because there is no guarantee the URL is safe ..."

:ph34r: :ph34r:



#390 AplusWebMaster


Posted 10 December 2010 - 12:31 PM

FYI...

SPAM msgs lead to "Virus Outbreak In Progress" ...

- http://tools.cisco.c...Outbreak.x?i=77
Fake United Parcel Service Shipment Arrival E-mail Messages...
New! December 10, 2010
Fake DHL Shipment E-mail Messages...
Updated! December 10, 2010
Rapidshare Link E-mail Messages...
Updated! December 10, 2010
Fake Chat Invitation E-mail Messages...
Updated! December 10, 2010

- http://www.ironport.com/toc/
Virus Outbreak In Progress ...

:ph34r: :ph34r:
