Security

I Want an ATM Card

Published: May 4, 2010 Reading Time: 1 min

When I was a child, I was fascinated by ATM machines. I had a savings account into which my mother would deposit money regularly and I waited for the day that I could raid the account with the ATM card for frivolous spending on console games and fast food. Nigerians have developed a cunning method to transfer millions of dollars to lucky winners worldwide. Yes, it is indeed the humble ATM card. ...

A Virus Is Coming! Tell All Your Friends!

Published: May 4, 2010 Reading Time: 5 min

Email hoaxes are nothing new, dating back at least as far as 1994 with what is widely believed to have been the first email hoax—referred to as the “Goodtimes virus” or the “Goodtimes virus hoax” after the subject of the email. The message in the early version was short and to the point, advising recipients not to open email messages with the subject “Good Times” because doing so would ruin their files. This, of course, was not true, but in cases where the recipient complied with the warning, it obviously had the effect of ruining their chances of actually reading any legitimate email messages with that very subject. ...

Whoops – Treasury still hacked.

Published: May 3, 2010 Reading Time: 1 min

I was wrong in my earlier assessment that the three treasury websites had been cleaned… the attack site was simply tracking IP addresses, and would not serve the iframe on subsequent visits. I really should have noticed that earlier, and have no excuse except that it was very early. And pre-caffeine. Folks should stay away from the sites mentioned until they’re cleaned.

A HijackThis Toolbar from Facebook?

Published: May 3, 2010 Reading Time: 1 min

Spam emails such as the one below have been doing the rounds on the Internet hoping to lure recipients into downloading a Facebook toolbar. If you download the file by clicking on “Download Here”, you’ll see a file with the icon shown below: If you take a closer look at the icon, “darkSector” is shown inside of it. How strange. Is this actually a Facebook toolbar? Let’s take a look at the property of the file since the file looks a bit fishy. In the file properties, you’ll see the following in the Details tab. ...

Another call to avoid “admin” privileges

Published: May 3, 2010 Reading Time: 1 min

For the second time recently, a security researcher has pointed out that running machines without administrative privileges could significantly improve security. Mikko Hypponen, the head of research at Finnish AV company F-Secure, said in an interview with The Inquirer that a great way to stop a lot of malware would be to take administrative rights away from online users. “Most wouldn’t notice (although those who did would be incandescent with annoyance) and most malware would be stopped from functioning. It should have been done already,” he said. ...

Don’t play with Natural Disasters!!

Published: May 3, 2010 Reading Time: 2 min

We want to warn you of an email message in Spanish we’ve received with the subject “( Urgente ) Posible Terremoto y Tsunami con un 89 % de efectividad” and that is of course false. The message consists of different images and informs users about an alert of earthquake and tsunami in Chile. Besides, it passes itself off as a warning from National Geographic, in order to make it more credible. ...

Treasury website hacked

Published: May 3, 2010 Reading Time: 1 min

For a short while today a couple of treas.gov websites were hacked, and were reaching out to an attack site in Ukraine. The websites involved were bep.gov (Bureau of Engraving and Printing), bep.treas.gov and moneyfactory.gov. They had been script injected with the line of code circled in red… Btw, you should _not_ mess with the attack site (grepad) … it was dead earlier today, but could easily come back to life. ...

A Trojan Adding Malicious Routing Entries

Published: April 17, 2010 Reading Time: 2 min

Backdoor.Rohimafo is a Trojan that has several back door functions. It not only opens a back door and performs the usual functions but it also can perform some decidedly unusual functions. It attempts to block users from connecting to remote servers; not only specific servers but also specific network segments by using PersistentRoutes in Windows. PersistentRoutes can be used to add a routing entry to a routing table persistently. The route.exe command can be used to add an entry like the following: ...

Google: 11,000 domains carrying rogue security products

Published: April 17, 2010 Reading Time: 2 min

Niels Provos of the Google Security Team has blogged about the rise of malicious web sites carrying rogue security products, which the Google team calls “Fake AV.” Google has been engaged in a constant battle against the sites because the operators who peddle them have been refining their techniques for poisoning Google search engine results in order to victimize Google users by drawing them to malicious download sites. He wrote: “we conducted an in-depth analysis of the prevalence of Fake AV over the course of the last 13 months, and the research paper containing our findings, ‘The Nocebo Effect on the Web: An Analysis of Fake AV distribution’ is going to be presented at the Workshop on Large-Scale Exploits and Emergent Threats (LEET) in San Jose, CA on April 27th.” ...

Subdomains defaced on The Telegraph website

Published: April 15, 2010 Reading Time: 1 min

The Telegraph, one of the biggest newspapers in the UK, hasn’t had a good time of it lately where their website is concerned. There were vulnerabilities found in relation to the site back in March involving database access, and it seems a hacking group has gone in and defaced two subdomains. These are the two subdomains in question: shortbreaks(dot)telegraph.co.uk and wine-and-dine(dot)telegraph.co.uk/site/index.php. They appear to have been compromised by “R.N.S. – Romanian National Security”. Here’s a screenshot, both defacements are identical: ...
