Screenshots of the latest Twitter phishing attack

Today there’s a phishing run underway on Twitter, using Direct Messages (“DMs”). These are private one-to-one Tweets inside Twitter. The messages look like these: If you follow the link, you end up on a fake Twitter page: If you mistakenly give out your credentials, the attackers will start sending similar Direct Messages to your contacts, posing as you. ...

March 22, 2010 · 1 min · 156 words · Omid Farhang

Fraud alert: Tax time in the USA

Benjamin Franklin once wrote, “In this world nothing can be said to be certain, except death and taxes.” These days we can add to the certainty of those two inevitable events the annual scams that accompany tax time. For those of you who haven’t heard of this type of scam, it’s basically another way to separate a man from his money, or if you want to look at the bigger picture, a way to defraud the federal government. Either way, your wallet suffers. The financial website money-zine has a good article on the latest tax scams you may encounter on the Web. ...

March 19, 2010 · 1 min · 209 words · Omid Farhang

Chilean Earthquake Spawns Malware

Most of us are familiar with how high-profile news events are used for malware distribution. We’ve seen it many times, such as with Tiger Woods’ scandal and the earthquake in Haiti. Now the recent earthquake in Chile is being used to prey upon unsuspecting folks interested in what’s going on after the quake and tsunami. This shows we should really be careful in our choices of where we go to get information. Try any search term or phrase related to “Chile Earthquake”, “Tsunami”, etc. I’ve done so and will walk us through a few examples of risky to malicious content that my search turned up. This type of malware distribution tends to target the broadest audience possible, so I entered the search term “Chile” and then let Google auto-complete my search to “Chile quake 2010 tsunami” to load what is a popular search phrase. Almost immediately, among some recognizable news site results are random blog posts touting words like “download” or “.exe”. We should be suspicious of these. ...

March 12, 2010 · 3 min · 630 words · Omid Farhang

Internet Explorer 0-day targeted in spam runs

Hot on the heels of the Patch Tuesday announcements yesterday, came the announcement of a new zero-day in Internet Explorer (CVE-2010-0806). Whilst checking through some URLs supposedly serving up malicious code to exploit this vulnerability, I noticed a link to some spam runs from earlier in the week. On March 8th SophosLabs saw spam messages attempting to trick the recipient into visiting rogue web pages. Messages used at least two social engineering tricks to lure victims into clicking the malicious link. ...

March 12, 2010 · 1 min · 190 words · Omid Farhang

You don't want to go looking for Corey Haim videos

Hollywood celebrity Corey Haim has died in typical tabloid fashion: “under investigation.” And we all know that celebrity death equals Internet scams by the boatload. There are a number of spam runs currently circulating on video sharing sites such as YouTube, ready to catch out the curious and the unwary. Shall we take a look? “Suicide or killed! Watch Corey Haim first found dead” ...

March 12, 2010 · 2 min · 236 words · Omid Farhang

Phishing craigslist – but is it malware?

Malware has traditionally been easy to spot and classify, mainly because it was created to serve a specific nefarious purpose and nothing else. In the ongoing arms race between malware authors and the security industry, stealth and other ‘in plain sight’ technologies are emerging as clear favorites. Case in point is a recent Craigslist phish, disguised as a phone update – nothing new about malware pretending to be something it isn’t, but that’s not where the story ends. Examining the executable shows that it is nothing more than a RAR self-extracting (SFX) archive – and thus not inherently malicious. ...

March 12, 2010 · 2 min · 289 words · Omid Farhang

Blogger.com – -not!

Cybercriminals are attacking bloggers who use Google’s Blogger.com. We have received emails asking bloggers to update their accounts. Here’s a snapshot of the email we have received: The email contains a link that redirects to a fake login page for “Blogger.com”. As seen from the highlighted link, it has a root domain “*.erdca.kr”, which differs from the authentic root domain of blogger.com. The fake login page, which is known as a phishing site, looks like this: ...

March 7, 2010 · 1 min · 178 words · Omid Farhang

Wiseguys Botnet First in Line for Concert, Sports Tickets

We frequently read stories about spammers who can circumvent CAPTCHA (Completely Automated Public Turing test to tell Computers and Humans Apart) authentication. Using bot-infected machines, they can create a vast number of random e-mail accounts for spamming purposes. This week, a federal judge in Newark, New Jersey, revealed the latest use of a botnet-like network with a CAPTCHA breaker. In this case, the computers overseen by the defendants were used to buy seats for high-profile concerts and sports events from ticket sellers’ websites. The defendants later allegedly resold the tickets on the Internet at much higher prices. ...

March 6, 2010 · 3 min · 444 words · Omid Farhang

SEO blogger victim of malicious SEO attack

On Friday evening I was talking to a North American customer who had been fighting with infections caused by SEO poisoning. They mentioned a particular search term that could generate new samples of FakeAVs. The funny thing was that the website hacked by the SEO poisoner was the blog of someone trying to promote legitimate business use of SEO technologies. If you clicked on any of the links returned by the search, you would be redirected to an Indian site containing this image: ...

March 6, 2010 · 1 min · 96 words · Omid Farhang

Who’s watching you really?

This morning while I was enjoying my coffee I received an event notification for my personal Facebook account. It was for a group called “See Who’s Spying On Your Profile – GET NOTIFIED -” and “See Everyone Who Views Your Profile”. Immediately, my security hat went on and I started to investigate. At first glance, they are both pyramid schemes. In both, you become a fan, then you have to suggest the page to 50 of your friends to move on to the next stage. From there the tactics diverge slightly. In the first one, you need to take a marketing quiz that asks for all sorts of personal info, and you need to put in your Facebook username and password, so they can “monitor” your profile. AND you have to provide them with your mobile number. Now wait a minute… why would they need my mobile number? ...

March 5, 2010 · 2 min · 325 words · Omid Farhang