Faceparty password sites really want you to click on things

Author: Omid Farhang Published: April 14, 2010 Reading Time: 3 min

“Faceparty is a UK based social networking site allowing users to create online profiles and interact with each other using forums and messaging facilities similar to email” – Wikipedia

Faceparty does things a little differently to other social networking sites, however. Unlike most places where you register a username and password then start telling people how your farm is doing, to join Faceparty you need to send a text message to the tune of £25 / $38(!) and then enter your one time use password onto this page (warning: quite a few swearwords, because the site is indeed down with the kids). ...


German spammers broaden their repertoire

Author: Omid Farhang Published: April 14, 2010 Reading Time: 2 min

Last week we received a mass mailing that at first glance appeared no different from the usual mailbox clutter. The messages were in German and advertised an online casino. Nothing out of the ordinary there – after all, gambling-themed spam is one of the most popular in the German-speaking realms of cyberspace. But after a closer inspection, these messages turned out to be of much more interest – all the links in the messages led to pages created on legitimate sites that had been compromised. The links looked like this: `*****.com/news_.php` or `*****.com/1500.php`. ...


There is a Lot of Spam Out There…

Author: Omid Farhang Published: April 10, 2010 Reading Time: 3 min

…and some of it masquerades as “marketing” and “newsletter” emails. In March 2010, spam continued to account for a high percentage of all email traffic, peaking at 93.6% of all messages. The majority of this spam email was sent using certain tactics that were deployed to hijack unsecured computers and hide the senders’ identity. Recently, however, there has been an uptick in spam “marketing” and “newsletter” emails. These spam marketing and newsletter emails share one significant commonality with “regular” spam emails, which is that they are unwanted email messages sent to individuals who have no formal relationship with the message sender. ...


Singer's Exploit Kit version CVE-2010-0806

Author: Omid Farhang Published: April 9, 2010 Reading Time: 1 min

Well, well… looks like someone has been singing along to one of Jay Chow’s songs while coding an exploit that corresponds to a vulnerability in Internet Explorer, which was addressed in Microsoft Security Bulletin MS10-018. The exploit, which targets the Peer Object component (iepeers.dll) in IE, has been found in the wild, and today it was detected while attempting to exploit a client browser. After decoding from shellcode, it will download the payload, which will be detected as Trojan:W32/KillAV.LD. ...


Trojanised Mobile Phone Game Makes Expensive Phone Calls

Author: Omid Farhang Published: April 9, 2010 Reading Time: 1 min

We have received reports of a malicious Windows Mobile game that creates significant phone bills for affected users. The game in question is called 3D Anti-terrorist action, and it’s manufactured by Beijing Huike Technology in China. The game itself is a 3D first-person shooter. Apparently some Russian malware author took the game and trojanized it. Then he uploaded the trojanized version to several Windows Mobile freeware download sites. ...


Benign Feature, Malicious Use

Author: Omid Farhang Published: April 9, 2010 Reading Time: 2 min

An interesting and unknown feature used by sysadmins around the world in some large corporate networks is the proxy auto-config (PAC) file. This benign feature is accepted by all modern browsers and is described in detail here. It contains a function to redirect your connection to a specific proxy server. Unfortunately, this simple and smart proxy technique is being widely used by Brazilian malware writers to redirect infected users to malicious hosts serving phishing pages of financial institutions. A .pac script URL is configured in the browser, in the field “Use automatic configuration script”: ...


The mobile game with a Trojan thrown in for free

Author: Omid Farhang Published: April 9, 2010 Reading Time: 2 min

Since 27 March a new game called 3D Antiterrorist has been cropping up on quite a few international freeware sites offering downloads for Windows Mobile smartphones. As well as the game itself, the 1.5 MB archive contains the file reg.exe, which is actually a Trojan that calls premium rate international numbers and leaves smartphone owners significantly out of pocket. As of 8 April this malicious program has been detected by Kaspersky Lab as Trojan.WinCE.Terdial.a. Let’s take a closer look at what happens. ...


Google has just rewarded me with $1 million!!

Author: Omid Farhang Published: April 9, 2010 Reading Time: 3 min

I don’t believe it!! This morning I’ve received an email sent by Google notifying me that I’ve won $950,000, so I think this will be the last post I’m going to write 😉 Well, I haven’t taken part in any promotion of this kind and I’ve never heard that Google gives prizes just like that, but I can consider it as if I won the lottery. Here you have the content of the message: ...


iPad Spam has entered the building

Author: Omid Farhang Published: April 8, 2010 Reading Time: 1 min

It was only a matter of time before the merest of “iPad” mentions on sites such as Twitter would result in autospammed messages like this: These bots will fire a message claiming “we need someone to test and keep one iPad” (or simply “Free iPad here”) to anyone discussing the latest gadget to hit the streets, sending you to various promotional sites like the one below: ...


FakeAV Gang Targets Farmville – #1 Facebook Game

Author: Omid Farhang Published: April 7, 2010 Reading Time: 1 min

Farmville was launched in June 2009 and after a month it was rated #8 in the Top 25 Facebook Games. Farmville has become the most popular game on Facebook. It has been ranked the #1 Facebook Game from August 2009 up until now. Farmville users can’t get enough of farming. They make impressive hay bale art farms just like the image below. The Fake AV gang launches its attack on Farmville users by poisoning Yahoo and Google search results using the following keywords (see Image 1): ...
