NEWS - November 27, 2009

by Donna Buenaventura / November 26, 2009 8:17 PM PST
Another ZBOT Spam Run

Trend Micro threat analysts were alerted to the discovery of another ZBOT spam campaign. The emails bear subjects such as "your photos" and "some jerk has posted your photos." They inform the recipients that someone has posted their photos without their permission on a site and has sent the link to their friends. The recipient is intended to believe that the "sender" is acting as a "good samaritan," emailing the one who supposedly posted the said pictures. The URL, of course, points to a website that distributes a malware detected by Trend Micro as TSPY_ZBOT.CJA.

When executed, TSPY_ZBOT.CJA connects to several websites to download another malicious file detected as TROJ_DROPR.KB. The spyware also has rootkit capabilities that enable it to hide its processes. ZBOT/ZeuS is one of the most notorious botnets with regard to identity, financial, and information theft.


In another blog entry, Trend Micro is advising people: "Don't Give Spammers a Reason to Be Thankful"

Thanksgiving kicks off the holiday season in the United States, the top spam-sending country in the world. The holiday season ushers in sales and big discounts for users. Unfortunately, however, this also means that spammers will be rushing to offer consumers bogus promos and discounts. Seems even cybercriminals have something to be thankful for, too.

Trend Micro analysts received Thanksgiving-related spam samples. The spammed messages offered users who log in to their sites US$500 worth of "grocery vouchers." The sites were hosted on different domains that, upon further analysis, have already been blacklisted though they have only recently been created.

Users who are tricked into clicking any of the URLs in the spammed messages land on sites where they are asked to give out personal information like email addresses, complete names, addresses, and phone numbers, which, as you may already know, may be used for other malicious activities later on or sold in underground forums.

Hack In The Box heading to Holland
by Donna Buenaventura / November 26, 2009 8:26 PM PST

HITBSecConf2010 Amsterdam opens in July

The organizers of the Hack In The Box security conferences in Malaysia are planning their first European show for Amsterdam next July.

Hack In The Box (HITB) held its first security conference, or hacker convention, in Kuala Lumpur in 2003, one of the first major shows of its kind in Asia. HITB organizers added a show in the Middle East in Dubai, United Arab Emirates in 2007. The two shows run yearly and draw high profile security industry people every year.

Next year, HITB will host its first show in Amsterdam from July 5 to 8, according to Dhillon Andrew Kannabhiran, the head of HITB. The Amsterdam show, HITBSecConf2010 - Amsterdam, will follow a similar schedule to the other HITB exhibitions. There will be two days of training sessions and two days of the conference, complete with Web hacking competitions.

Hacking competitions feature in every HITB show and the winners used to receive cash awards from sponsors. But at HITB Malaysia this year, there was no prize money on offer due to lack of sponsorship of the event, yet enough teams registered to fill the competition ticket.


China warns of mass Internet virus
by Donna Buenaventura / November 26, 2009 8:29 PM PST

Panda Burning Incense worm due for a comeback

A computer worm that China warned Internet users against is an updated version of the Panda Burning Incense virus, which infected millions of PCs in the country three years ago, according to McAfee.

The original Panda worm, also known as Fujacks, caused widespread damage at a time when public knowledge about online security was low, and led to the country's first arrests for virus writing in 2007. The new worm variant, one of many that have appeared since late 2006, adds a malicious component meant to make infection harder to detect, said Vu Nguyen, a McAfee Labs researcher.

"It has gotten more complex with the addition of a rootkit," said Nguyen. "It definitely makes it more challenging for users to clean up and even to know that their systems have been compromised." A rootkit burrows into a system to try to hide the existence of malware.


Splinter Cell hack smells more like publicity stunt
by Carol~ Moderator / November 26, 2009 11:13 PM PST
Pwn or PR?

By John Leyden
November 27, 2009

Ubisoft said that the website of its popular video game Splinter Cell had been hacked on Thursday. However circumstantial evidence suggests the hack is more likely to be a publicity stunt than a genuine cyber assault.

Visitors to the Splinter Cell website are being greeted by a message in Russian. This is followed by a bit.ly link buried in the message, which leads on to a page displaying the ASCII art of a shield with a double-headed eagle, also on the Splinter Cell site.

The arty effort looks more like an Easter Egg than the sort of things real cybercrooks typically spray on compromised sites, which usually include rants, abuse, political messages, greetings to other hackers and the like.

Ubisoft "confirmed" the Splinter Cell website had been "pwned" in a Twitter posting hours ago but is yet to take down the ostensibly defaced site or do anything about the supposed hack. Security experts are doubtful that the attack is genuine, speculating that it's probably a hoax.

Continued here: http://www.theregister.co.uk/2009/11/27/splinter_cell_hack/


From Graham Cluley's Blog (Thursday):

Ubisoft confirms Splinter Cell website "hack"

Tom Clancy's Splinter Cell is a phenomenally popular series of video games where players stealthily creep up behind the bad guys and silently ermm.. "despatch them".

The trick to succeed is to stay in the shadows, sneak up on the enemy on tiptoe, causing distractions to waltz past them or quietly "neutralise" them as a threat.

The "stealth" aspect of the game actually makes it quite a diverting change from the often guns-all-blazing approach that many video games rely upon these days.

Funnily enough, it's a similar approach that cybercriminals often use today. Rather than the attention-seeking viruses of yesteryear which announced their presence by displaying "amusing" messages or playing The Blue Danube through your speakers, most malware today is insidious - infecting your PC without making a big song-and-dance about the fact, and leaving no clue to the naked eye that your computer may have been compromised.

Continued here: http://www.sophos.com/blogs/gc/g/2009/11/26/ubisoft-confirms-splinter-cell-website-hack/

Smut-ladened spam disguises WoW Trojan campaign
by Carol~ Moderator / November 26, 2009 11:38 PM PST
Pwned and porned

November 27, 2009

A malicious spam campaign that attempts to harvest online game passwords under the guise of messages containing smutty photos is doing the rounds.

The tainted emails have subject lines such as "Do you like to find a girlfriend like me?", and an attached archive file called "my photos.rar". The archive contains photos of young Asian women and content that poses as clips from a bongo flick.

The supposed video files actually harboured video files and a password-stealing Trojan called Agent-LVF, which is designed to steal the login credentials of World of Warcraft gamers. Security firm Sophos reckons it's likely the stolen credentials and associated in-game assets will be sold through underground sites, earning hackers a tidy profit in the process.

Continued here: http://www.theregister.co.uk/2009/11/27/wow_trojan_spam/

From the SophosLabs Blog:

Spammer believes WOW users are sad lonely men.

Spammers use social engineering and in this case expect that WOW (World of Warcraft) gamers are sad lonely men. At least that is what this spam suggests:

The spam will come with a subject of "Do you like to find a girlfriend like me ?" and contents of:

Wish to have a boyfriend
Be able to protect me, take care of me
Intolerable lonely night and would like to have your care.
do you Willing ?

This is my photos.

Attached to the message is a file "my photos.rar" that contains several photos like this cropped one:

Continued (with screenshot) here: http://www.sophos.com/blogs/sophoslabs/v/post/7594