Online pharmacy spam campaign faking Twitter

During the weekend our spamtraps received large amounts of emails pretending to come from Twitter. This time, the social engineering twist lies within the subject of the email: It is “You have 2 urgent messages from Twitter!”, creating psychological pressure by some kind of emergency within in the social surroundings of Twitter users. This way the spammers try to increase the rate of the users that are opening the email and click on the links. ...

October 12, 2010 · 1 min · 185 words · Omid Farhang

“This offer is available TODAY only!!!”

Hmmm. That’s not what the source code says We started out the day fat fingering the spelling of “youtube.com” and ended up at the typo squatting site behind the URL “youube.com.” youube.com redirects you to http://youtube.com-prizes.com – obviously a URL intended to make you think it’s really YouTube. Like so many of these “survey” scam web sites, the offer was available “today only: Thursday, October 7, 2010.” Obviously, this is to add a little bit of sales pressure to make a visitor go for the prize ASAP, or at least before midnight. ...

October 7, 2010 · 2 min · 366 words · Omid Farhang

Twitter password phishing

Our friend in the UK got this via a contact. It was from a Twitterer who obviously had his Twitter login stolen: (Twitter apparently is filtering this URL at this point.) The link led to a phishing page that used the deceptive tactic of showing an error message: “Wrong Username/Email and password combination.” You login, it steals your Twitter password, sends the above Tweet to all your contacts and continuing rounding up passwords. ...

October 7, 2010 · 2 min · 219 words · Omid Farhang

Browser cookies are becoming an issue

The New York Times is reporting a rising number of law suits against some major players because of their use of persistent web tracking: — Fox Entertainment Group — NBC Universal — Specific Media — Quantcast The Times said the suits are claiming that the companies used Flash cookies to collect data on browsing activities in spite of the fact that users had privacy settings on to block them. ...

September 23, 2010 · 3 min · 483 words · Omid Farhang

More Spam with JavaScript redirectors

We received new spam emails which contain a JavaScript redirector in form of a HTML attachment. The emails we received have the subject “Consultation Appointment”. The decrypted JavaScript consists of new JavaScript code. This JavaScript redirector loads yet another JavaScript from the internet. The domain which is hosting the malicious .js is registered to someone from Malaga. Domain tools show that this person has registered about 2.400 other domains. ...

September 23, 2010 · 1 min · 96 words · Omid Farhang

“Here you have” worm linked to cyber jihadists

A worm collectively dubbed by the security industry as the “Here you have worm” has been making its way onto corporate networks over the past 24 hours. The worm arrives via e-mail using the subject line “Here you have” or “Just For you“ along with an executable disguised as a PDF file. It first appeared last month sending spam e-mails from [email protected]. The worm creates the following files: (Note: See the full report in our sandbox -> http://x.maldb.com/?p=44309#more-44309) ...

September 11, 2010 · 2 min · 307 words · Omid Farhang

This could save your LIFE!

The following internet advice which may have a subject title such as above could just get you killed. Like any other middle aged, balding, over-weight chap my mother still worries about me. So when her friend sent this to her and many other people, she forwarded it to me first:- Just in case!!! Let’s say it’s 6.15pm and you’re going home (alone of course), after an unusually hard day on the job. ...

August 29, 2010 · 4 min · 811 words · Omid Farhang

The bad guys are going after the Pirates

File-sharing organization Pirate Bay has been controversial for a long time, like maybe the length of its entire existence. It’s been in the news recently because a number of governments are trying to shut it down. That’s a situation ripe for social engineering. We found this scheme this morning: a number of typo-squatting sites carrying the following. (Note: the REAL Pirate Bay site is thepiratebay.org.) What would lead a victim to this? The phony site piratebay.com (below) comes up as the third result on a Google search for “piratebay” or fourth for “pirate bay.” ...

August 29, 2010 · 1 min · 189 words · Omid Farhang

How to Get Hacked on Facebook

One of the most common scenarios we observe on a daily basis are users coaxed into phishing campaigns and malicious applications on Facebook. As we interact with our friends and family on social networks, we tend to trust of any and all of the information that appears to be from our “trusted network.” However, Facebook is one of the most trolled social networks by cyber criminals. They are waiting for you to make a mistake and once you make it, they will be sure to hack you and exploit your friends trust through your newly hacked account. ...

August 29, 2010 · 2 min · 411 words · Omid Farhang

Facebook Malware Attack Behind Distracting Beach Babes Video

A Facebook malware attack is on the loose this weekend, enticing users to click a “Distracting Beach Babes” video on their Facebook Walls. The Wall message reads: “this is hilarious! lol 😛 😛 😛 Distracting Beach Babes [HQ] Length: 5:32″. If you see this video on Facebook today, do not click the link: Doing so, and downloading a linked file, will result in malware being installed on your computer. ...

May 22, 2010 · 1 min · 106 words · Omid Farhang