Phishing

In Additional to my last Post: http://boelectronic.blogspot.com/2010/03/free-fakeav-at-virus-total-thats-not.html VirusTotal.com [http://en.wikipedia.org/wiki/VirusTotal.com] is a brilliant site that helps both public and researchers alike determine if an executable file they have is potentially malicious or not. Julio Canto (of VirusTotal fame) has noticed that somebody decided to cash in on the good name of the site with the following domain: virus-total(dot)in Go there, and you’ll see a message claiming the site is a “free online antivirus scanning service, click SCAN to begin scanning:“ ...

It’s been ten years already; can you believe it? I’m talking about the U.S. Census. It’s been ten years since the last one. Time to do it again. No, it wasn’t on my calendar either. To remind all of us and to encourage us to participate, the U.S. Census Bureau is spending $340 million to get the word out. There was even a Super Bowl ad. The Census Bureau will not be the only ones trying to get our attention and encouraging us to help them collect data. Cybercriminals will be doing the same thing. But they’ll be trying to fool us into thinking they are the Census Bureau. And the data they’ll be collecting will be a little different. It will be personal information they can use to rip us off. ...

VirusTotal has been well known to most readers of the blog. It’s a free virus and malware online scan service which allows submitters to test a particular file against a multitude of malware scanners. So, it’s not highly surprising that malware authors would try to use that name to further their gain. Today we came across such a sample arriving at one of our spamtraps through a car-related forum. The message looks like this: ...

The Australasian Consumer Fraud Taskforce began its 2010 Fraud Week campaign today with release of the first Australian Competition and Consumer Commission (ACCC) scams activity report. Wednesday it will release information to help small businesses protect themselves. The March 1-7 Fraud Week hopes to reduce the incidence and impact of fraud and scams. The annual event tries to co-ordinate the release of information for consumers, timed to coincide with the International Consumer Protection Enforcement Network Global Consumer Fraud Prevention Month. ...

A massive earthquake struck near the Chilean city of Concepcion in the early hours of the morning of February 27th, 2010. The quake measuring 8.8 on the Richter scale was considerably stronger than the one that recently caused widespread destruction on the island of Haiti. Fortunately, despite the size of this latest quake, so far there has been few reported casualties. The quake occurred near the coast and tsumani warnings were issued for many countries bordering on the Pacific ocean. Unfortunately as with any major news event, miscreants are not slow to pounce when such opportunities arise to further their aims. ...

A few days ago, I blogged saying that Old websites don’t die they just get infected the other scenario is that they become part of a spammers SEO campaign. Working today, I went to check to see if the local police authority had cleaned up their old web page. So I wgetted the file and scanned it. It was no longer infected (hooray!) but the file was quite big. Opening the file in lynx (a simple web browser) I saw: ...

People looking to take advantage of the savings from the government during these harder financial times are being hit with other financial burdens (Rogue AV software). Our (environmentally conscious) researcher Adam Thomas heard about a “green” hot water heater that might be a good addition to his Earth-friendly home. So he did a Web search for “GE geo spring water heater.” What he found wasn’t Earth or anything else-friendly! SEO poisoning galore: ...

In this post I want to highlight how SEO attacks are working: Pages using server side kits to fool search engine bots into ranking them high in results are uploaded to legitimate web sites. If all goes to plan, when a user searches for a popular term, high up in the search engine results are links to these pages. In the example below, the malicious SEO page was the 2nd item in the search results (highlighted in blue). When the user arrives on such a page (highlighted in green in the example below), the referrer is typically checked to ensure they came from a search engine. If so, there are redirected (302 redirect) to another site (orange below). There are typically additional levels of redirection from this point. In the example shown below, the user is bounced from the .org to the .in site (purple). Finally, the user will be redirected to the fake AV distribution site (red). This is where the user receives the usual visual trickery, in order to fool them into installing the rogue application. ...

Imagine that you’re sitting at home catching up on your email backlog. In comes an email from your ISP, FooBarBazCo (some creativity required here, I know). The email seems to be from Technical Support – ‘From: FooBarBazCo.com Team’ – and states that you need to update your email settings as a result of a recent security upgrade. Can you trust it? Today we observed an increase in spam messages containing links to a particular malicious URL. The messages masquerade as having come from mail administrators, with the ‘from’ address spoofed so that they appear to have come from the same network domain as the address to which the mails are sent (the ‘from’ and ‘to’ addresses are actually identical, although this will not be visible in most email programs). ...

Fraudsters never seem to rest. They have now turned their attention towards phishing using the Indian Income Tax Department’s name and branding. It is the season of tax returns in India and it is well known that people will file their income tax returns for the end of the fiscal year in India. Hence, phishers have chosen the right time to phish the market since most users will not be aware of these attacks. ...