Security

NOT the real VirusTotal.com

Published: March 2, 2010 Reading Time: 1 min

In addition to my last post: http://boelectronic.blogspot.com/2010/03/free-fakeav-at-virus-total-thats-not.html VirusTotal.com [http://en.wikipedia.org/wiki/VirusTotal.com] is a brilliant site that helps both public and researchers alike determine if an executable file they have is potentially malicious or not. Julio Canto (of VirusTotal fame) has noticed that somebody decided to cash in on the good name of the site with the following domain: virus-total(dot)in. Go there, and you’ll see a message claiming the site is a “free online antivirus scanning service, click SCAN to begin scanning:” ...

The U.S. Census 2010: Don’t be Counted as a Victim of Online Fraud

Published: March 2, 2010 Reading Time: 4 min

It’s been ten years already; can you believe it? I’m talking about the U.S. Census. It’s been ten years since the last one. Time to do it again. No, it wasn’t on my calendar either. To remind all of us and to encourage us to participate, the U.S. Census Bureau is spending $340 million to get the word out. There was even a Super Bowl ad. The Census Bureau will not be the only ones trying to get our attention and encouraging us to help them collect data. Cybercriminals will be doing the same thing. But they’ll be trying to fool us into thinking they are the Census Bureau. And the data they’ll be collecting will be a little different. It will be personal information they can use to rip us off. ...

Free FakeAV at Virus-Total (That’s not VirusTotal)

Published: March 1, 2010 Reading Time: 3 min

VirusTotal has been well known to most readers of the blog. It’s a free virus and malware online scan service which allows submitters to test a particular file against a multitude of malware scanners. So, it’s not highly surprising that malware authors would try to use that name to further their gain. Today we came across such a sample arriving at one of our spamtraps through a car-related forum. The message looks like this: ...

Multiple personality disorder?

Published: March 1, 2010 Reading Time: 1 min

Are malware authors and spammers suffering from the same affliction of “word salad”, or are they perhaps devoted students of Afringlish? Why else would one combine random words in an attempt to look legitimate? The reason is a simple one – not only are humans good at associating meaning to names, they are also exceptionally good at filling in the blanks, while machines are not. Thus, by carefully selecting particular names for insertion into the version information of malware samples, such as those of reputable software houses, the authors attempt to exploit this human condition. Presumably, they also hope to bypass security scanners which approve files based on such superficial attributes. ...

Fighting online fraud in .au

Published: March 1, 2010 Reading Time: 1 min

The Australasian Consumer Fraud Taskforce began its 2010 Fraud Week campaign today with release of the first Australian Competition and Consumer Commission (ACCC) scams activity report. Wednesday it will release information to help small businesses protect themselves. The March 1-7 Fraud Week hopes to reduce the incidence and impact of fraud and scams. The annual event tries to co-ordinate the release of information for consumers, timed to coincide with the International Consumer Protection Enforcement Network Global Consumer Fraud Prevention Month. ...

Most used Spam Categories in February 2010

Published: March 1, 2010 Reading Time: 1 min

Since January, we have been publishing monthly reports about the categories of spam messages sent during the previous month. These categories are detected by Avira’s AntiSpam engine. Between January and February 2010, not much changed in the spam landscape. The top 3 is still occupied by Pharmacy, Other (spam that doesn’t fit any category) and Watches. However, this month the Malware category made its way to 4th place with 4.9%, after it was only 0.5% in January. ...

Analyzing PDF Files

Published: March 1, 2010 Reading Time: 1 min

We’ve been seeing a gradual shift in malicious PDF file coding (no surprise there, we know malware authors can and do adapt their techniques). For a long time, we saw malicious PDF files that were simple enough to allow us to readily decipher the intent of the malicious code — shell code, download/execute, drop and load, et cetera. Now we’re seeing more and more complex obfuscation being used, which requires us to break down the PDF file. This can make an Analyst’s daily life more miserable or interesting, especially as the obfuscation can bypass automated analysis tools and even AV detectors. ...

Massive Earthquake in Chile Leads to a Surge of Rogue Antivirus

Published: March 1, 2010 Reading Time: 2 min

A massive earthquake struck near the Chilean city of Concepcion in the early hours of the morning of February 27th, 2010. The quake, measuring 8.8 on the Richter scale, was considerably stronger than the one that recently caused widespread destruction on the island of Haiti. Fortunately, despite the size of this latest quake, so far there have been few reported casualties. The quake occurred near the coast and tsunami warnings were issued for many countries bordering on the Pacific Ocean. Unfortunately, as with any major news event, miscreants are not slow to pounce when such opportunities arise to further their aims. ...

Old websites are also used in spam SEOs

Published: March 1, 2010 Reading Time: 1 min

A few days ago, I blogged saying that old websites don’t die, they just get infected. The other scenario is that they become part of a spammer’s SEO campaign. Working today, I went to check to see if the local police authority had cleaned up their old web page. So I wgetted the file and scanned it. It was no longer infected (hooray!) but the file was quite big. Opening the file in lynx (a simple web browser) I saw: ...

ICQ scam in the wild

Published: March 1, 2010 Reading Time: 1 min

I received a message this morning from an ICQ account with the following text written in UTF-8 and plain text: The message from ICQ.com ****** Hello. ICQ.com: we Remind you that all ICQ numbers which have not passed activation, 1.1.2010 will be removed from a server without restoration possibility. The status of yours ICQ numbers: NOT activated. For activation send SMS on number 8353 with the text 144444 In the reciprocal message you receive acknowledgement on activation and your password from number. ICQ.com Together with AOL.com ...
