
Malware

 

Sat, 5 Dec 09
Google Work At Home Scam
http://pandalabs.pandasecurity.com/archive/Google-Work-At-Home-Scam.aspx


Lately, a Google work-at-home scam has been plastering its way across the Internet. The scam site is designed to look like a convincing newspaper article and is currently circulating heavily through social networks (hacked and spam accounts) and ad networks.

Example of the scam wall post on Facebook from a hacked account:


The scam site:


To "cash in on the opportunity" all you have to do is fork up a measly $1.95 for the "Easy Google Profit" kit. Unfortunately, if you fall for the scam, you're going to be taken for more than you bargained for. Ripoff Report shows one victim's struggle with these scam artists. Apparently they automatically started charging the victim $39.98 per month on top of an additional $129.95 fee. On top of that, they enrolled him in a 14-day trial for another site, which charges $29.95 a month if not canceled in time.

A helpful tip for avoiding these types of scams is to question all links before clicking on them, especially on social networks. Nothing should be trusted outright. Ask yourself, "Would my friend/parent/sibling really post this link?" The chances are that the link will stick out like a sore thumb and you'll be able to avoid a nasty situation. We also advise the use of safe browsing technology, such as the community-driven browser plugin offered by our partners, Web of Trust.

Thu, 3 Dec 09
CDC H1N1 Malspam Campaign
http://pandalabs.pandasecurity.com/archive/CDC-H1N1-Malspam-Campaign.aspx


Our spam traps have been receiving thousands of malspam e-mails related to a new Sinowal (zbot) campaign over the past 24 hours. The e-mail attempts to trick users into creating a profile for H1N1 (Swine Flu) vaccination at the Centers for Disease Control website.



The email reads:

You have received this e-mail because of the launching of State Vaccination H1N1 Program. You need to create your personal H1N1 (swine flu) Vaccination Profile on the cdc.gov website. The Vaccination is not obligatory, but every person that has reached the age of 18 has to have his personal Vaccination Profile on the cdc.gov site. This profile has to be created both for the vaccinated people and the not-vaccinated ones. This profile is used for the registering system of vaccinated and not-vaccinated people.

Create your Personal H1N1 Vaccination Profile using the link:

create personal profile
----
Centers for Disease Control and Prevention (CDC) - 1600 Clifton Rd - Atlanta GA 30333 - 800-CDC-INFO (800-232-4636)


The (several) websites used in this malspam campaign all have hostnames that start with online.cdc.gov.(malicious domain), which could easily convince even the most suspicious users of their validity.
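A hostname is owned by whoever controls its right-hand end, so a link filter can tell this pattern apart from the real site. The following is an added example, not code from the original post; `example.test` is a placeholder for the malicious domain, the sample links are constructed, and the trusted list is an assumption.

```python
import re
from urllib.parse import urlsplit

# Assumption for this example: the only domain we treat as genuine.
TRUSTED_DOMAINS = ("cdc.gov",)

_SCHEME = re.compile(r"^[a-z][a-z0-9+.-]*://", re.IGNORECASE)


def hostname_of(url):
    """Return the lower-case hostname, without userinfo, port or trailing dot."""
    if not _SCHEME.match(url):
        url = "//" + url          # let urlsplit treat a bare host as a netloc
    return (urlsplit(url).hostname or "").rstrip(".")


def classify(url, trusted=TRUSTED_DOMAINS):
    """Return 'trusted', 'lookalike' or 'other' for the URL's hostname."""
    host = hostname_of(url)
    labels = host.split(".")
    # Genuine: the host IS the trusted domain or ends with ".<trusted domain>".
    if any(host == d or host.endswith("." + d) for d in trusted):
        return "trusted"
    # Lookalike: the trusted domain's labels appear to the left of the part
    # that actually decides who owns the name (the right-hand end).
    for d in trusted:
        want = d.split(".")
        for i in range(len(labels) - len(want)):
            if labels[i:i + len(want)] == want:
                return "lookalike"
    return "other"


# Constructed sample links; example.test stands in for the malicious domain.
SAMPLES = [
    "https://www.cdc.gov/h1n1flu/",
    "http://online.cdc.gov.example.test/profile",
    "ONLINE.CDC.GOV.EXAMPLE.TEST.:8080/profile",
    "http://cdc.gov@example.test/",
]

if __name__ == "__main__":
    for link in SAMPLES:
        print(f"{classify(link):9}  {link}")
```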



The site reads:

"Your Personal H1N1 Vaccinating Profile is an electronic document, which contains your name, your contact details and your medical data (what kind of illnesses you have sustained in your childhood or what kind of allergy you have to some certain drug).  All instructions you need are included in the archive below:

Your Temporary ID (valid for 48 hours) H1N1-1574377270
H1N1 Vaccination Profile - Download Archive (130Kb)"


The campaign uses 6 different subject lines for its e-mails. The most common subject lines are "Governmental registration program" and "Creation of personal Vaccination Profile".





Infection information:

 
Sinowal.WRN creates a copy of itself with the name SDRA64.EXE in the Windows system directory.

Additionally, it creates the following files, where it stores the information it has obtained:



Sinowal.WRN modifies the following entry from the Windows Registry:

 

 

Wed, 2 Dec 09
Phishing targeting Google AdWords
http://pandalabs.pandasecurity.com/archive/Phishing-targeting-Google-AdWords.aspx


We've seen this phishing message going around in the last few hours:



When you click on the link you are redirected to the following site:



Taking a look at the URL, you can see that it is not the real Google AdWords site. As always, companies never send you a message with a link to change your credentials. And if they did, they wouldn't deserve to do it, so please always dismiss these kinds of messages. If you need to change your password (something everyone should do from time to time), go directly to the site and do it there.

 
