Security

Can spam get worse?

Published: March 19, 2010 Reading Time: 1 min

Or is it at the saturation point? The SANS Institute (acronym = SysAdmin, Audit, Network, Security) web site carried a blog piece that gives a good snapshot of the horrible ongoing plague of spam email that IT folks all over the globe must deal with. The writer, Deborah Hale, said the ISP in the Midwest where she works received almost 20 million pieces of email for more than 9,000 accounts since the beginning of March. Only 713,222 (3.6 percent) were NOT spam. ...

Blank Plastic

Published: March 19, 2010 Reading Time: 1 min

We regularly learn of cases where criminals have gained access to credit card numbers via keyloggers, skimmers or online hacks. Once they have the credit card numbers, they basically have three ways to turn them into cash:

- Sell them
- Make fraudulent purchases on them
- Create real-world cards out of them

To create real-world cards, you need blank cards to start with. These are known in the underground as “blank plastic”. ...

iRogue?

Published: March 18, 2010 Reading Time: 2 min

Are Mac OS X rogues an emerging threat? For many years discussions of the potential for malware on Macs have ended with the conclusion: “there isn’t much yet, but as soon as Mac gets a big market share the dark side is going to start writing the code.” There are indications that the bad guys are working on it. There have been some blog posts suggesting that the dark side is working hard to create a Mac OS X compatible rogue. SCMagazine is carrying a piece quoting a spokesman for researchers at Intego. Apparently Intego researchers got proof-of-concept code for an OS X rogue from underground sources and determined that it didn’t quite work. However, they concluded that some sophisticated coding was going on: ...

Facebook Suffers ‘Password Reset’ Scam

Published: March 18, 2010 Reading Time: 2 min

Today has been quite a busy day for scammers. We have been tracking a global scam/spam run that targets Facebook users. The lure used in the run is a familiar one: Facebook Password Reset Confirmation! Customer Support. The email looks like the following [Just it won’t notify you it’s Spam, it’s my own Software 😉 ]: The activity on this particular scam run has been global from the beginning. The malware in the attachment is pretty much what one would expect: downloaders, password-stealing Trojan, fake-AV, or bot stuff, depending on which one you got. Check out the Artemis map of this malware: ...

Chilean Earthquake Spawns Malware

Published: March 12, 2010 Reading Time: 3 min

Most of us are familiar with how high profile news events are used for malware distribution. We’ve seen it many times such as with Tiger Woods’ scandal and the earthquake in Haiti. Now the recent earthquake in Chile is used to prey upon unsuspecting folks interested in what’s going on with the post-quake and tsunami. This shows we should really be careful in our choices of where we go to get information. Try any related search term or phrase related to “Chile Earthquake”, “Tsunami”, etc. I’ve done so and will walk us through a few examples of risky to malicious content that my search turned up. This type of malware distribution tends to target the broadest audience possible, so I entered the search term “Chile” and then let Google auto-complete my search to “Chile quake 2010 tsunami” to load what is a popular search phrase. Almost immediately, among some recognizable news site results are random blog posts touting words like “download” or “.exe”. We should be suspicious of these. ...

Facebook Users Suffer From ‘Fram’

Published: March 12, 2010 Reading Time: 3 min

About a year or so ago one of the “McMarketeers” decided it would be fun to run a campaign against “fram”–spam that friends send you. As you might guess, we in the Labs have no friends, so it was no problem for us to ridicule the idea. However, around the coffee machine the other day I got involved in a quick discussion about spam on Facebook. A long-term social networker genuinely thought that Facebook spam did not exist and that all the noise was from Facebookers playing games or using annoying apps. So I offered to write up an example. ...

Twitter starts Direct Message phishing filtering

Published: March 12, 2010 Reading Time: 1 min

Del Harvey, who leads Twitter’s Trust and Safety team, blogged yesterday that the social networking/micro-blogging service has begun filtering all links in Twitter Direct Messages to stop phishing: “Since these attacks occur primarily on Direct Messages and email notifications about Direct Messages, this is where we have focused our initial efforts. For the most part, you will not notice this feature because it works behind the scenes but you may notice links shortened to twt.tl in Direct Messages and email notifications.” ...

Consoles for old games come with new malcode

Published: March 12, 2010 Reading Time: 2 min

Be on the lookout for websites offering up “free applications” which come with a nasty sting in the tail. Here’s a typical example: Appzkeygen(dot)com

If you like videogame consoles, you may be a fan of emulators (programs that ape long dead consoles, allowing you to play old games on your PC – we’ll avoid the murky legal minefield that comes with this practice and instead focus on the malware). Below is a Playstation 2 emulator – no really, it is. Would they lie to you? ...

Internet Explorer 0-day targeted in spam runs

Published: March 12, 2010 Reading Time: 1 min

Hot on the heels of the Patch Tuesday announcements yesterday, came the announcement of a new zero-day in Internet Explorer (CVE-2010-0806). Whilst checking through some URLs supposedly serving up malicious code to exploit this vulnerability, I noticed a link to some spam runs from earlier in the week. On March 8th SophosLabs saw spam messages attempting to trick the recipient into visiting rogue web pages. Messages used at least two social engineering tricks to lure victims into clicking the malicious link. ...

Twitter Spam: Getting slim with slim URLs

Published: March 12, 2010 Reading Time: 1 min

A while ago I was writing about Twitter spam and I was trying to make a brief definition of this kind of spam: It follows a lot of users, has 1 post and is followed only by a few persons. Well, this changed now, because the theme became much more interesting for the people on Twitter: how to lose weight. Ironically, the URLs on Twitter also make a diet – they always get “compressed” using link shortener services. ...
