Malware

SophosLabs: Messages are spreading between Facebook users, claiming that members of the social network have lost all respect for popular songstress Rihanna after watching a video. However, if you’re careless enough to click on the link you will find yourself lured into a survey scam that attempts to earn affiliate cash for fraudsters. A typical message trying to tempt users into falling for the scam looks like this: ...

avast: While taxpayers are the regular target of springtime malware schemes, this year the bad guys are aiming for the accountants. A series of imposter emails are threatening recipients with the removal of their professional accreditation if they fail to respond promptly. The tax-phish appear to be from organizations such as the American Institute of Certified Public Accountants(AICPA), Better Business Bureau(BBB), and Intuit tax services. After clicking on the email, users are redirected through a hacked legitimate site to the final malware distribution center where their computer can download fake antivirus or another malware package selected by the bad guys. ...

At the RSA Conference 2012, former McAfee executives George Kurtz and Dmitri Alperovitch have presented a Remote Access Tool (RAT) that infects Android smartphones (version 2.2). They used an as-yet unpatched bug in Android’s WebKit browser to inject the malware. The researchers say that they bought the vulnerability information, and a range of other tools, on the black market. The finished exploit is based on 20 components that apparently cost a total of $1,400 on the black market. ...

Sunbelt: Be wary of emails claiming to be from AICPA – as per their alert here, these are not real and any mention of “unlawful tax return fraud” is just a bait to convince the end-user to open up a malicious attachment (in this case, a .doc file although there are rogue PDF files in circulation too). As with many of the malicious spam campaigns doing the rounds at the moment, this one will use the Blackhole exploit kit to serve up zbot from multiple compromised domains. Worse, a Sakura kit (typical example here) will download Sirefef / ZeroAccess , which as we’ve seen elsewhere is not a good thing to have on your system. ...

Symantec: The world is mourning the loss of another legendary pop singer also known as the queen of pop – Whitney Houston. Spammers are paying homage to the icon with a wicked malware. The malicious email shows a video of the last appearance of the star in a Los Angeles night club and also downloads an executable binary. This file is detected by Symantec Antivirus as WS.Reputation.1. ...

SophosLabs: It’s Valentine’s Day tomorrow and the spammers are out in force to make the most of unwitting shoppers on the international day of love. Looking to buy a present for someone this Valentine’s Day? Ooh look what popped into my inbox, an email inviting me to buy my Valentine an *ahem* “romantic” gift. Valentine’s Day, the 14th February, is the day we celebrate our feelings of affection for our boyfriends, girlfriends, husbands and wives. It is traditional to do this with a special romantic gift. Looking for a Valentine’s Day Gift for him or the perfect token of love for her? Look no further than here! ...

Sorin Mustaca wrote at Avira TechBlog: In case you’ve seen this on Facebook, try to not click on it even if you understand French (it appears to be only in Franch) because it will take you on a road where you don’t want to be. But, we like to live dangerous, so we analyzed this for you. Continue Reading at Avira TechBlog: http://techblog.avira.com/2012/02/13/new-captcha-method-or-just-another-likejacking-scam/en/

SophosLabs: ComputerWorld today reports that the UK’s Metropolitan Police has warned Windows users of a malware attack that poses as a message from the computer crime-fighting cops themselves. The ransomware attack attempts to lock the computer, and posing as an unofficial notice from a law enforcement agency, claims that the victim’s PC has been determined to have visited illegal websites. Only payment for a fine, claims the message, will restore the computer’s functionality. ...

The Hacker News: Roland Dela Paz, a threat response engineer with Trend Micro have discovered a piece of malicious software that automatically uploads its stolen data cache to the SendSpace file-sharing service for retrieval. File-storage services offer several advantages for cybercriminals. SendSpace accepts files and then generates a link that can be shared with other people to download the content in the files. The malware has been configured to send files, copy the download link and send it to a command-and-control server along with the password needed to access the archive, Dela Paz wrote. ...

SophosLabs: Beware of malware lurking on news websites claiming to containing breaking news stories. I’ve seen a worrying number of Facebook users posting the same status messages today, claiming that the United States has attacked Iran and Saudi Arabia in a move heralding the beginning of World War 3. Well, that would certainly get your attention, wouldn’t it? A typical status message looks like the following: U.S. Attacks Iran and Saudia Arabia. F**k 🙁 [LINK] The Begin of World War 3? ...