Phishing

This is really bad for so many reasons. It certainly doesn’t help their security. And yes, it’s completely legitimate.

Found this little gem today. It’s distributed with other malware, cracks and drive-by downloads. It purports to be a security warning from your Windows operating system. Notice the “Visa, MasterCard, etc” – it doesn’t even bother to list all the cards it accepts. The really cool thing about it is that it takes FAKE credit card numbers as well as real ones!

Sami, one of our test engineers, was recently seeking a Play Station 3. He found this offer at Huuto.net, a Finnish auction site. 160€ for a 60GB unit, with games, not bad. Sami wanted to confirm that the seller was legit, so he requested a picture, and received this. When he examined the image properties, he discovered that the picture was taken in 2008. ...

With virus and spam outbreaks, analysts needs to keep their nerves to analyze the situation and proceed to deal with the new threat. So, I wasn’t expected to be surprised by my friends’ actions on facebook this past weekend. It started innocently enough, as a post about getting a Free $25 Starbucks gift card for joining a particular group. The first person to join the group from my friends list happens to work for a non-profit organization helping young people. So, I expected the young people on his “friends list” to join this group shortly. ...

We were made aware that phishing for Skype credentials is currently taking place. The link the phishing mails direct to are dangerous – they aren’t detected by any phishing filter of the popular browsers yet. One thing caught my attention. Modern browsers should support domain highlighting so that the real domain is visible when someone surfs the Internet. Like Internet Explorer 8 properly does: There you can clearly see that you are not on the Skype website, but on another domain. ...

I am a very lucky guy. In fact, I must be the luckiest person in the world since spammers like to send all kinds of lucky spam to me. These days, I get inundated with lucky spam. The last spam I had, I got offered a free gift card if I purchased some Viagra from them. Wow. On other days, asking me to lose my weight results in instant chances of winning a lottery at the same time and all of this is due to my lucky email address. ...

False images from Cosmopolitan infect computers with fake antivirus product BitDefender today warned of a new threat following the flood of interest in the result of the January 19th Massachusetts elections. The day after his winning Senate campaign, nude pictures of Cosmopolitan’s Sexiest Man of 1982 Scott Brown not only stirred women’s imaginations, but also got the interest of malware creators. The latter exploited the news to spread a fake antivirus: Trojan.FakeAV.XP. Instead of spicy pictures, the targeted user received messages of false infections on their computer and prompts to buy a fake antivirus product. ...

Symantec Security Response has repeatedly warned that looking for free movies and videos online often results in malware infection, and here we go again with yet another example. We recently became aware of a campaign, centered around the YouTube Web site, to trick users into following malicious links. YouTube is one of the most popular video sharing sites and therefore is often picked by online criminals hoping for an easy catch. Performing a search using a (generally female) celebrity’s name followed by “sex tape” or a recent movie name yields results such as the following: ...

This week we’ve seen a spam campaign aimed at separating unsuspecting users from their iPhone details. Messages have the subject “IMPORTANT: Your iPhone Warranty Extension for 1 Year!”, pretend to be sent from “[email protected]”, and look as follows (click to enlarge the image): Recipients who feel like they can’t let this limited-time too-good-to-be-true special offer pass them by will find themselves redirected to the following page: ...

A day after the disaster that struck the Caribbean nation of Haiti, Rogue perpetrators have once again been busy with their SEO poisoning schemes. Searching for terms related to this earthquake leads to a website that installs a Rogue into the system. It happens when an unsuspecting user searches for Haiti Earthquake details. Happily clicking the link leads to this page: Then this… And this… ...