Malware

Tue, 29 Sep 09
Fake IRS Notifications
http://pandalabs.pandasecurity.com/archive/Fake-IRS-Notifications.aspx


Fake IRS notification e-mails have been in circulation on the Internet over the past few weeks. We've monitored the situation closely and have observed 30 active domain names currently spreading the Zeus trojan affiliated with the spam campaign, as well as 300 links used in the attack over the past month. The e-mail arrives as a notice of unreported income and directs the victim to click on a link (e.g. www.irs.gov.malwaredomain.com), where the real "irs.gov" appears only as a subdomain prefix of the attacker's domain. When clicked, the victim arrives at a website designed to look like an official IRS page.

[Screenshot: fake IRS notification page]

The website attempts to legitimize itself by referencing the recipient's name in the Taxpayer ID field and in the download link. Once the download is run, the Zeus trojan is silently installed on the victim's computer and begins to intercept communication with banking sites in order to facilitate financial fraud.
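The link trick described above relies on a trusted domain appearing as a prefix of a hostname registered somewhere else entirely. The following added example (not code from PandaLabs) classifies links pulled from an e-mail as "trusted", "lookalike" or "other" by comparing the registrable domain with the labels that appear before it; the sample links are constructed, and "malwaredomain.com" is the placeholder used in the post, not a real indicator.

```python
from urllib.parse import urlparse

# Domains we expect the sender to legitimately link to (assumption for this example).
TRUSTED = {"irs.gov"}


def hostname(url: str) -> str:
    """Extract a normalised hostname; tolerate bare hosts without a scheme."""
    if "://" not in url:
        url = "http://" + url
    return (urlparse(url).hostname or "").lower().rstrip(".")


def registrable_domain(host: str) -> str:
    """Naive eTLD+1 (last two labels). Adequate for .gov/.com as used here;
    a production check should consult the public suffix list instead."""
    labels = host.split(".")
    return ".".join(labels[-2:]) if len(labels) >= 2 else host


def contains_label_run(host: str, domain: str) -> bool:
    """True if the labels of `domain` occur consecutively inside `host`,
    e.g. 'irs.gov' inside 'www.irs.gov.malwaredomain.com'."""
    h, d = host.split("."), domain.split(".")
    return any(h[i:i + len(d)] == d for i in range(len(h) - len(d) + 1))


def classify_link(url: str) -> str:
    host = hostname(url)
    if not host:
        return "invalid"
    if registrable_domain(host) in TRUSTED:
        return "trusted"          # genuinely under a trusted domain
    if any(contains_label_run(host, t) for t in TRUSTED):
        return "lookalike"        # trusted name embedded in a foreign host
    return "other"


# Constructed sample links, as they might be extracted from a phishing e-mail.
SAMPLE_LINKS = [
    "https://www.irs.gov/individuals",
    "http://www.irs.gov.malwaredomain.com/refund",
    "irs.gov.example.net/login",
    "http://example.org/news",
]

if __name__ == "__main__":
    for link in SAMPLE_LINKS:
        print(f"{classify_link(link):10} {link}")
```

Hosts such as "irsgov.com" or a trusted name placed in the URL path are not caught by this check; those need a separate string-similarity or path rule.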

Wed, 23 Sep 09
Blackhat SEO continues to ravage search results
http://pandalabs.pandasecurity.com/archive/Blackhat-SEO-continues-to-ravage-search-results.aspx


Every day cyber criminals are exploiting search engines to place malicious results high in the rankings. Targeting hot topics lets them improve infection rates for their money-making Rogueware (pdf) schemes. Below is an example of the attack we observed today.

Most targeted search terms: [image]

The full list of targeted keywords can be downloaded here: BlackhatSEO3.txt

Sample search result: [screenshot: BHSEO search result]

Redirection to fake security (Rogueware) site: [screenshot: Rogueware site]

Rogueware: Adware/PCDefender [screenshot: Adware/PC Defender]

Tag cloud of targeted terms: [image: Blackhat SEO tag cloud]

 

Tue, 22 Sep 09
Hack MySpace, ICQ, and Vkontakte for $100 (50% discount for Russians)
http://pandalabs.pandasecurity.com/archive/Hack-MySpace_2C00_-ICQ_2C00_-and-Vkontakte-for-_2400_100-_2800_50_2500_-discount-for-Russians_2900_.aspx


The Ukrainian Facebook scam we blogged about on Friday has similar campaigns for MySpace, ICQ, and Vkontakte. All of the scam sites are identical in design and require the payment of $100 except for the Vkontakte scam site. Vkontakte is a Russian clone of Facebook and the scam offers to hack Vkontakte profiles for 1500 rubles, which is about $50 USD.

MySpace: [screenshot]

ICQ: [screenshot]

Vkontakte: [screenshot]

What's strange here is that the Ukrainian scam crew responsible for these scam sites is making a run at conning Russians, which is a tactic we don't see very often in the labs.

Sat, 19 Sep 09
Your Facebook account is worth $100
http://pandalabs.pandasecurity.com/archive/Your-Facebook-account-is-worth-_2400_100.aspx


Yesterday I came across (thanks Sean-Paul!) the following site, which really attracted my attention:

 

As you can see, it is an online service which promises to hack any Facebook account for just 100 bucks (!). My first thought about this was "ok, just another scam", but I wanted to see how far they could go with this. The first thing they ask you to do is register on their site, which I did. The next step to hack an account was to provide them with the ID of the Facebook account you wanted to hack; first I created a temporary Facebook account for this test, and then went back to "hack" it.



Obtaining the ID is trivial, and with that ID anyone can obtain the Facebook username, but that's something people are not familiar with, so in the end it gives extra credibility to this "service". Once you enter the ID and click on the "Hack it" button, you are given the owner of the Facebook account (the username) and now you have the option to "Start Facebook hacking!":



As you can see, it says it takes a few minutes, and in fact it does. Once it finishes, you will see this:



I clicked on save, but as you haven't paid yet, you are not allowed to view the passwords:



Below you have the payment screen. Once you send the money via Western Union (haven't you ever asked yourself why most of the cybercriminals are using WU services?), you have to fill in the details. Of course, you have to send the money to Ukraine...



Once you send the information, you are told that it will appear in your balance. Of course it won't, as this is all about taking the money from users. And in the end, since the user wanted to hack an account, he won't call the police.

On the website there is a FAQ section, where they say they've been doing business for more than 4 years, and provide a link to a Webmoney account that is in fact 4 years old. But taking a look at this Facebook hacking web site, we found out that it was registered by someone from Moscow a couple of days ago.

Thu, 10 Sep 09
Blackhat SEO Attack Targets Obama's Speech
http://pandalabs.pandasecurity.com/archive/Blackhat-SEO-Attack-Targets-Obama_2700_s-Speech.aspx


Using search engines to browse the Internet these days is a dangerous endeavor. Cyber criminals are keen on gaming search engine algorithms and are able to quickly divert innocent news seekers to malicious websites. Today, WIRED reported that cyber criminals were targeting a highly anticipated Dan Brown novel, but the target and scope is much deeper than that. Literally every current relevant news topic is actively targeted each day, including the highly publicized speeches given by President Obama this week.

Clicking the following link in a Google search result will point us to a malicious Rogueware campaign page: [screenshot]

Malware Info: Adware/SmartVirusEliminator

Investigating the attack shows us a bigger picture of the targeted keywords: [screenshot]

Most commonly targeted keywords: [image]

Over the past six months that PandaLabs has closely tracked the evolution of Blackhat SEO attacks, we've seen cybercriminals execute these targeted campaigns with increasing speed and sophistication. Today, Blackhat SEO is truly a mainstream tactic used by cyber criminals. Targeting real-time news events is a serious problem not only for search engines, but for all parties involved in malware mitigation. In shifting to the "real-time web," the entire IT security community must also recognize the need for real-time malware protection, and this is precisely why the move to cloud-based antivirus technology is necessary.

Wed, 9 Sep 09
Live Demo: Banking Trojans
http://pandalabs.pandasecurity.com/archive/Live-Demo_3A00_-Banking-Trojans.aspx


Banking Trojans are one of the most prevalent malware species in the threat landscape today. Malware authors aim to keep infections live and undetected long enough that they can get what they are really after: money. Financial motivation leads malware developers to craft the stealthiest banking Trojans to steal personal and financial data for further exploitation on the black market. Day after day innocent victims are compromised, with the end result being an emptied-out bank account. This video demonstrates how dangerous and stealthy banking Trojans can be and why we must continue to raise awareness of the issue.

Sat, 5 Sep 09
Rogueware Demo: Online Antivirus
http://pandalabs.pandasecurity.com/archive/Rogueware-Demo_3A00_-Online-Antivirus.aspx
Rogueware authors continue to push the limits in tricking innocent users into infecting themselves. In this video example, we demonstrate the audio and visual cues used in a scareware campaign.

Wed, 2 Sep 09
Be Careful With Your Search Results
http://pandalabs.pandasecurity.com/archive/Be-Careful-With-Your-Search-Results.aspx


Blackhat SEO (BHSEO) is currently one of the most prevalent distribution methods for malware on the Internet. It's also one of the most dangerous methods because of the trust users implicitly place in search results. A Forrester research study conducted in 2008 showed that 50 percent of Internet users trust content delivered by search engines. It's no surprise that cyber criminals have been using malicious search results as a main monetization stream.

The Rogueware campaign we blogged about last week turned into a full-blown BHSEO attack targeting relevant news topics such as the California wildfires, Ted Kennedy's death, DJ AM's death, the Mega Millions Lottery, Hurricane Danny, UFC 102, and CNN and BBC breaking news, among thousands of search terms and 123,000 links. Upon clicking one of the many malicious links in the top-ranking search results, the victim is put through several redirections and finally taken to a fake scan website designed to infect the machine and extort money.

Fake scan site: [screenshot: Adware/SmartVirusEliminator]

Installer: setup.exe

File: setup.exe
Size: 72192
MD5: 2C0625D97A5BC7EC299D33CE8C9A299E

[Screenshots: installer; Adware/SmartVirusEliminator]

Tag cloud of exploited keywords: [image]

Most exploited keywords: [image]

You can read more about Rogueware in our most recent report: The Business of Rogueware [pdf]

 

© amigura.co.uk All Rights Reserved.