Instantly this news became? very fruitful? for all kinds of cybercriminals. Here is? some of the proof we found:1) SEO optimized Google image searches leading to a malicious site with the exploit for the “Help Center URL Validation Vulnerability“. The exploit drops into the system a malicious executable file which is a password stealer malware.?At [...]
29 April 2011
Real-world events occasionally generate a massive number of online searches. Japan’s recent earthquake and the subsequent tsunami that followed is a good example of a sudden event that turned the world’s attention to Google. And as topics trend in Google’s search results, Search Engine Optimization (SEO) attacks are attempted. Our March 11th post urged caution [...]
29 April 2011
Scam Signature Message: The Ultimate Profile Viewer is now being released! Shocking for real! See who visits your profile real time! See who invisible you on their friend list chat! Check it now and you will be shocked who viewed your profile now ! See your results here ->Scam Type: Survey Scam - Profile Peeker – Rogue ApplicationTrending: April 2011Why [...]
29 April 2011
Recently,we found many malwares using a smarter way to inject the specified dll into system related to IME management. Comparing to the old IME injection tricks, it is much more difficult to be discovered by users or anti-virus companies.As we known, at the beginning of last year, many Chinese users found they could not use [...]
29 April 2011
Scam Signature Message: The BLOODIEST Fight EVER – BANNED FROM TV!Scam Type: Survey Scam Trending: April 2011Why it’s a Scam:Clicking the wall post link takes you to the following page: If you do follow their directions and click to “Watch the Video” you are taken to the follow page:Here we see the end game of a typical Facebook Survey Scam. Each [...]
29 April 2011
The Royal Wedding of Prince William and Catherine Middleton that will be held tomorrow, on April 29, will attract the attention of many people around the world, and has become a trending topic on various websites, especially the social networking sites.No doubt, it also became an easy target for the malware authors to spread their [...]
28 April 2011
Emails disguised as electronic cards have been used as bait over and over again for malicious intent. The fact that they are overused is a clear indicator that this lure indeed works. Websense Security LabsT and the Websense ThreatSeekerR Network recently came across an e-card themed email. Our customers are protected from this threat by ACE, our Advanced [...]
28 April 2011
As we have seen with many major events in the past, news of the British Royal Wedding is currently being used by cyber criminals to bolster their spam campaigns and push rogue antivirus software through black hat search engine optimization (SEO) techniques. Spam campaignsWe have blogged previously about “snowshoe” spammers targeting the upcoming British Royal Wedding [...]
28 April 2011
Two weeks ago, the Federal Bureau of Investigation (FBI) obtained a court order in Connecticut, USA. This court order allowed the FBI to undertake an anti-cybercrime operation of a sort which had never been authorised before in America.Not only did the cops seize various US-based Command and Control (C&C) servers belonging the Coreflood botnet, but [...]
28 April 2011
Who would have thought it? A free anti-virus program for Apple Macs being named best anti-malware solution ahead of those security products for boring old Windows.Well, that’s exactly what happened at the SC Magazine Awards Europe 2011, held last week at the London Hilton on Park Lane.Over 530 of the industry’s top companies saw Sophos [...]
28 April 2011
Sony has published a new blog entry, confirming that credit card details which could have been stolen in the recent hack of the PlayStation Network were encrypted.Sony reassured users of the PlayStation Network that “all credit card information stored in our systems is encrypted”, but underlined that it cannot rule out the possibility that the [...]
28 April 2011
Another Facebook spam mail pretending that your password is not safe, currently circulating on Internet. The subject is: FaceFacebook Support. Personal data has been changed!ID55733. The email comes with an attachment called New_Password_IN33494.zip.The zip file (New_Password_IN33494.zip) contain New_Password.exe file, Quick Heal detects this file as a “Trojan.Menti.gen”.New_Password.exe tries to fool the victim as it seems [...]
28 April 2011
Any trick to get Pay Per Installs (PPI) money from Ad-supported companies is good these days.This site (www.megavideomovieshare.com/?title=) is usurping MegaVideo’s identity to get people to install adware programs. (The real site does not require you to install “plugins” other than the default Flash Player).The plugin you must download is in fact the well known “ClickPotato” adware.To make [...]
28 April 2011
RE/MAX is a well known international real estate company. Here is one of their Israeli’s websites:remaxplus.co.ilAlthough everything looks fine on the surface, the site has been hacked and is hosting malware:remaxplus.co.il/Include/zombie60.exeThe file is poorly detected on VirusTotal (5/41).Upon running zombie60.exe, a copy is placed under:The following TCP connections are made:The IP 67.205.124.38 points to a [...]
28 April 2011
The wave of United Parcel Service, DHL Global and Post Express Office spam – which has been so prolific and leading to scareware infections – changed to Bobijou Inc. over the Easter weekend.However, the first batch sent out was flawed. As you can see below, the file attached has a “.dat” extension.The mistake was rectified [...]
28 April 2011
I always find it interesting to know what goes on in cyber criminals’ minds.Lately I’ve been observing a deluge of websites being hacked and serving drive-by downloads in the form of Java exploits under the name mario.jar.Below is a screen cap of some of those caught by our HoneyPots:On the left hand side are sites that have been hacked [...]
28 April 2011
You probably saw that whole “Obama birth certificate” thing yesterday.You’re also aware this means hunting around for pictures of his birth certificate is going to result in Rogue AV files popping up.The first page of Google Image Search:Click to EnlargeThat one in the middle was (until a little while ago) using a java exploit to [...]
28 April 2011
XBox Live currently has a warning issued in relation to “phishing attacks” in the Modern Warfare 2 game. However, information is frustratingly thin on the ground leading to much confusion as to what the attack is, how it takes place, what to avoid and so on.Things I have seen in the past:* Social engineering attempts [...]
28 April 2011
After discovering an external intrusion, the persons in charge took the worldwide network and the Qriocity services offline on April 20th 2011. Since then, none of the games can be played online anymore, some offline games can’t even be played offline due to the lack of network functionality, not to talk about the possibility to [...]
28 April 2011
Some sort of .htaccess hack is going on, redirecting users to infernomag.com and then on to a malicious site that looks like it’s downloading a Zbot variant. It only seems to work with Internet Explorer, and only when the page is accessed from a search engine (like Google). infernomag.com is hosted on 85.17.132.194 (Leaseweb) which [...]
28 April 2011
This particular scam has been around for a couple of years and is so common now that I’ve christened this group of scam domains “Lapatasker” after the email address used in some of the older WHOIS details.New domains for this scam (all registered on 26/4/11) are:1job-europ.comconsult-europ.commiddle-consult.comwestconsult-eu.comThe (probably fake) contact details on the domains are: Vilechka [...]
28 April 2011
A currently ongoing malware campaign is impersonating Bobijou Inc for malware-serving purposes.Sample subject: “Successfull Order 977132“Sample message: “Thank you for ordering from Bobijou Inc.This message is to inform you that your order has been received and is currently being processed.Your order reference is 901802. You will need this in all correspondence. This receipt is NOT [...]
28 April 2011
It’s been almost one month since we reported about the huge increase of email-borne malware attachments. The outbreaks have continued on an almost daily basis since then and we have noted a corresponding dramatic increase of over 70% in the number of zombies.The traffic graph below shows the continued outbreaks (orange line). As noted previously [...]
28 April 2011
There’s no such thing as a free lunch – or free Facebook credits. As proof consider the attack described below which has several stages:1) Users get messages with offers of “free Facebook credits”2) These trick users into running a malicious JavaScript3) The infected user is lead to a website – which probably offers [...]
28 April 2011
