Phishers Use Malware in Fake Facebook App
Phishers frequently introduce bogus applications to add new flavor into their phishing baits. Let's have a look at a new fake app that phishers are leveraging. In this particular scam, phishers were trying to steal login credentials, but their means of data theft wasn't with the phishing bait alone. Their ploy also used malware for harvesting users' confidential information. The phishing site spoofed the login page of Facebook and was hosted on a free web hosting site. [Screenshot]
The phishing site boasted that the application would enable users to view a list of people who visited their profile page. The site offered two options to activate the fake app. The first option was by downloading software containing the malware and the second was by entering user credentials and logging into Facebook. A message on the phishing page encouraged users to download the software that would allegedly send notifications to the user when someone visited their Facebook profile. If the download button was clicked, a file download prompt appeared. The file contained malicious content detected by Symantec as Infostealer. On the other hand, if user credentials were entered, the phishing site redirected to a legitimate Facebook page.
Continued : http://www.symantec.com/connect/fr/blogs/phishers-use-malware-fake-facebook-app
Related: Bogus Facebook login page steals credentials, pushes malware
Sirefef Malware Served Up By Bad Bing Ads
From the ThreatTrack Security Labs Blog:
We're seeing our old friend "rogue ads in Bing" doing the rounds - should you go searching for "Youtube" and click on the rogue ad (in this case, the one in the bottom right hand corner under "Ads related to Youtube") you'll be taken to a site which redirects to an exploit. [Screenshot]
The scammers behind this could well be targeting other keywords, but here's a list of re-directors we've seen related to a basic Youtube search so far: [...]
It seems likely that at least some of the above were compromised sites, and some of them appear to be back to normal and / or offline at time of writing. End-users would be redirected from the above to a dynamic DNS service Hopto(dot)org subdomain, with the exploit domain resting on the IP 109(dot)236(dot)81(dot)176.
'Bulletproof' Hoster Santrex Calls It Quits
Santrex, a Web hosting provider that has courted cybercrime forums and created a haven for a nest of malicious Web sites, announced last week that it is shutting its doors for good, citing "internal network issues and recent downtime."
Couldn't have happened to a nicer company. Rarely has a Web hosting firm so doggedly cornered the market on so-called "bulletproof hosting" services. These are essentially mini-ISPs that specialize in offering services that are largely immune from takedown requests and pressure from Western law enforcement agencies.
If there were a Hall of Infamy for hosting providers, Santrex would be near the top. That's hardly an exaggeration: According to Google - which tracks top malicious hosts via its safebrowsing program - Santrex was among the Internet's top three most malicious hosts over the past year. Google's data indicates that nearly 90 percent of the sites on Santrex's network tried to foist malicious software on visitors, or hosted malware that was used in attacks against other Web sites. [Screenshot]
I first read about the news of Santrex's demise in a thread at vpsboard.com titled "Ding! Dong! Santrex is Dead!" ...
Twitter Still Being Used By Shady Hackers
TrendLabs Security Intelligence Blog:
Recently, Twitter made public financial statements related to its upcoming initial public offering (IPO). Part of these statements included how many active users it has: Twitter said it has 218 million monthly active users, three-quarters of which have accessed the site from a mobile device.
It's not a surprise that some of these users are malicious. What is uncommon is that some of these malicious accounts do try to "engage" with other accounts - even those of security vendors like Trend Micro. Too bad for these users - we are one step ahead of them, as we have previously blocked the dubious sites they offer.
Recently, we came across four accounts that added the @TrendLabs Twitter account to various lists. This would not have been unusual, except all four accounts were clearly malicious: [Screenshot]
Upon further investigation, these accounts led to more malicious sites offering a variety of hacking tools targeting sites like Facebook and Twitter, as well as a scam site offering free iPhone 5ses.
Continued : http://blog.trendmicro.com/trendlabs-security-intelligence/twitter-still-being-used-by-shady-hackers/
Cisco Patches 11 Vulnerabilities in FWSM, ASA Products
Cisco pushed out patches for two products this week, addressing a handful of vulnerabilities in its Firewall Services Module (FWSM) software and Adaptive Security Appliance (ASA) software.
According to security updates posted on the company's Advisory page yesterday, at least nine separate vulnerabilities exist in ASA:
• IPsec VPN Crafted ICMP Packet Denial of Service Vulnerability
• SQL*Net Inspection Engine Denial of Service Vulnerability
• Digital Certificate Authentication Bypass Vulnerability
• Remote Access VPN Authentication Bypass Vulnerability
• Digital Certificate HTTP Authentication Bypass Vulnerability
• HTTP Deep Packet Inspection Denial of Service Vulnerability
• DNS Inspection Denial of Service Vulnerability
• AnyConnect SSL VPN Memory Exhaustion Denial of Service Vulnerability
• Clientless SSL VPN Denial of Service Vulnerability
Five of the nine can either reload an affected device or lead to a denial of service (DoS) condition.
Continued : http://threatpost.com/cisco-patches-11-vulnerabilities-in-fwsm-asa-products/102563
Also: Cisco patches vulnerabilities in some security appliances, switches and routers
Nordstrom Finds Cash Register Skimmers
Scam artists who deploy credit and debit card skimmers most often target ATMs, yet thieves can also use inexpensive, store-bought skimming devices to compromise modern-day cash registers. Just this past weekend, for instance, department store chain Nordstrom said it found a half-dozen of these skimmers affixed to registers at a store in Florida.
The fraud devices in this case resemble small keyloggers that are sold by dozens of stores for approximately $30 to $40 apiece. These hardware keyloggers are essentially PS/2 connectors that are about an inch in length. The tiny data storage devices are usually purple in color to match the color-coded standard for keyboards, and are made to be inserted between the male end of a PS/2 keyboard connector and the female receptacle on a computer. [Screenshot]
According to an alert circulated by the police department in Aventura, Florida, on the afternoon of Saturday, Oct. 5, 2013, three male subjects were captured on closed-circuit cameras at Nordstrom tampering with registers in the store. Authorities there say the footage showed two of the men worked to distract sales staff, while the third took pictures of the register and removed the rear access panel to the register and took additional photographs.
Continued : http://krebsonsecurity.com/2013/10/nordstrom-finds-cash-register-skimmers/
Hackers exploit vBulletin Internet forum software
Hackers are exploiting a vulnerability in the popular vBulletin Internet forum software in order to inject rogue administrator accounts into websites using it.
The exploit was found by researchers from security firm Imperva on underground hacker forums and targets versions 4.x.x and 5.x.x of vBulletin.
The vulnerability allows attackers to abuse the vBulletin configuration mechanism to create a secondary administrative account, the researchers said Wednesday in a blog post.
At the end of August, vBulletin Solutions, the company that develops the forum software, advised users to delete the "install" directories from their vBulletin deployments because of an unspecified exploit vector.
The company declined to release any additional information about the issue at that time, but Imperva's researchers believe it's the same vulnerability targeted by the exploit script they found.
Continued : http://www.pcworld.com/article/2053920/hackers-exploit-vbulletin-vulnerability-to-inject-rogue-administrator-accounts.html
Related : vBulletin vuln opens backdoor to rogue accounts
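The only mitigation vBulletin Solutions gave was to delete the "install" directories. The script below is an added example (mine, not vBulletin's or Imperva's tooling): it walks a web root, reports every directory named install together with the PHP scripts still reachable inside it, and removes them only when told to. The demo layout it builds (a top-level install/ and a core/install/, plus a decoy images/install_assets/) is constructed for the example and is an assumption about where such directories sit, not taken from the article.

```python
"""Find (and optionally remove) leftover vBulletin "install" directories.

Added example, not vBulletin's own tooling. The vendor advice was to delete
the install directories; this locates them under a web root, lists the PHP
files they still expose, and deletes them only when dry_run is False.
"""
import os
import shutil
import tempfile


def find_install_dirs(webroot):
    """Return sorted paths, relative to webroot, of every directory named 'install'."""
    found = []
    for dirpath, dirnames, _filenames in os.walk(webroot):
        for name in dirnames:
            if name.lower() == "install":
                found.append(os.path.relpath(os.path.join(dirpath, name), webroot))
    return sorted(found)


def exposed_php(webroot, rel_dir):
    """The .php scripts inside one install directory, i.e. what is web-reachable."""
    full = os.path.join(webroot, rel_dir)
    if not os.path.isdir(full):
        return []
    return sorted(f for f in os.listdir(full) if f.lower().endswith(".php"))


def remove_install_dirs(webroot, dry_run=True):
    """Map each install dir to its exposed scripts; delete them unless dry_run."""
    report = {}
    for rel_dir in find_install_dirs(webroot):
        full = os.path.join(webroot, rel_dir)
        if not os.path.isdir(full):      # already removed as part of a parent
            continue
        report[rel_dir] = exposed_php(webroot, rel_dir)
        if not dry_run:
            shutil.rmtree(full)
    return report


def build_demo_webroot():
    """Constructed layout (an assumption, not from the article) for a dry run."""
    root = tempfile.mkdtemp(prefix="vb_demo_")
    for rel in ("install/index.php", "core/install/upgrade.php",
                "images/install_assets/logo.png", "index.php"):
        path = os.path.join(root, rel)
        os.makedirs(os.path.dirname(path), exist_ok=True)
        with open(path, "w") as fh:
            fh.write("<?php // placeholder\n" if rel.endswith(".php") else "")
    return root


if __name__ == "__main__":
    webroot = build_demo_webroot()
    for rel_dir, scripts in remove_install_dirs(webroot).items():
        print("%s exposes: %s" % (rel_dir, ", ".join(scripts) or "(none)"))
    remove_install_dirs(webroot, dry_run=False)
    print("remaining:", find_install_dirs(webroot))
```

Run it once with the default dry run to see what would go, check the report against your deployment, then call remove_install_dirs(webroot, dry_run=False). A decoy directory whose name merely contains "install" is deliberately left alone.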
Fake Payment Slip Emails Carry Malware
Users are advised to be on the lookout for fake emails that purport to carry a payment slip. The scam notifications are part of a cybercriminal campaign designed to distribute malware.
Cisco's Security Intelligence Operation detected a significant volume of these scam emails on October 1. However, the company issued a second warning on October 9.
One version of the email comes with an attachment (Bank Slip.rar) that contains a malicious .scr file. When it's executed, the victim's computer becomes infected. A second variant of the bogus notification has a different body and it carries a malicious executable inside a .zip archive.
Here's what the emails look like. If you come across them in your inbox, delete them immediately.
Variant 1. "Payment Slip"
Continued : http://news.softpedia.com/news/Fake-Payment-Slip-Emails-Carry-Malware-390011.shtml
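Both variants follow the same shape: an archive attachment wrapping a Windows executable (.scr or .exe). The following is an added example, not Cisco's detection logic, showing one way to catch that pattern at a mail gateway with the standard library only: parse the message, open zip attachments in memory and flag members with executable extensions; a .rar cannot be opened without a third-party library, so it is flagged on extension alone. The sender, recipient and "payment_slip" file names in build_sample are constructed for the demo.

```python
"""Flag mail attachments that hide a Windows executable inside an archive.

Added example, not Cisco SIO's logic. Zip attachments are opened in memory and
their members checked; other archive types (.rar, .7z) are reported unopened.
"""
import io
import zipfile
from email import policy
from email.message import EmailMessage
from email.parser import BytesParser

EXECUTABLE_EXTS = {".exe", ".scr", ".com", ".pif", ".bat", ".cmd", ".js", ".vbs"}
ARCHIVE_EXTS = {".zip", ".rar", ".7z"}


def _ext(name):
    """Lower-cased final extension of a file name, '' if it has none."""
    name = name.lower()
    return name[name.rfind("."):] if "." in name else ""


def suspicious_members(zip_bytes):
    """Members of an in-memory zip with executable extensions ([] if not a zip)."""
    try:
        with zipfile.ZipFile(io.BytesIO(zip_bytes)) as zf:
            return [m for m in zf.namelist() if _ext(m) in EXECUTABLE_EXTS]
    except zipfile.BadZipFile:
        return []


def scan_message(raw):
    """Return (attachment name, reason) findings for one raw RFC 822 message."""
    msg = BytesParser(policy=policy.default).parsebytes(raw)
    findings = []
    for part in msg.iter_attachments():
        name = part.get_filename() or ""
        ext = _ext(name)
        payload = part.get_payload(decode=True) or b""
        if ext in EXECUTABLE_EXTS:
            findings.append((name, "executable attachment"))
        elif ext == ".zip" or payload.startswith(b"PK\x03\x04"):   # zip by name or magic
            members = suspicious_members(payload)
            if members:
                findings.append((name, "archive contains " + ", ".join(members)))
        elif ext in ARCHIVE_EXTS:
            findings.append((name, "unopened archive (%s), inspect manually" % ext))
    return findings


def build_sample(attachment_name, member_name):
    """Constructed 'payment slip' mail carrying a zip with one member (demo data)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr(member_name, b"MZ" + b"\x00" * 64)   # fake PE stub, not a real program
    msg = EmailMessage()
    msg["From"] = "billing@example.com"       # assumed sender for the demo
    msg["To"] = "victim@example.com"
    msg["Subject"] = "Payment Slip"
    msg.set_content("Please find the payment slip attached.")
    msg.add_attachment(buf.getvalue(), maintype="application", subtype="zip",
                       filename=attachment_name)
    return msg.as_bytes()


if __name__ == "__main__":
    print(scan_message(build_sample("payment_slip.zip", "payment_slip.exe")))
    print(scan_message(build_sample("invoice.zip", "invoice.pdf")))
```

Checking the zip magic as well as the extension matters because attackers rename archives freely; a benign archive such as invoice.zip holding a PDF yields no finding.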