Showing posts with label infopackets. Show all posts
Showing posts with label infopackets. Show all posts

Friday, January 07, 2011

Email Worm Targets M$ Customers

This was in my in-box just a moment ago. You'd do well to be alert to this threat:

Email Worm Poses As Microsoft Update, Warns MS

Microsoft is today warning users of fake security alerts arriving via email. Microsoft is reminding users that it never sends out security alerts with attachments via email and that you should never open such an email if it arrives in your inbox.

Microsoft Email Security Updates Are a Scam

Cyber-criminals have been sending a so-called Microsoft updates that are actually viruses.

This scam in particular takes advantage of Microsoft's well-established Patch Tuesday schedule for monthly email updates. Potential victims receive an email purporting to be from Microsoft's Director of Security Assurance, Steve Lipner (who in fact does hold that role).

The recipient is then told to install the attached file, KB453396-ENU.exe (or a similar name), which is supposed to be the security update.

Worm, Virus Replicates Itself, Sends to Contact List

The email attachment (.EXE file) is actually a worm / virus, meaning that once it is installed on a users' PC, it will attempt to replicate itself by sending a copy of the infected attachment to all users on the host PC's contact list (address book).

The idea is to get the worm / virus on as many machines as possible in order to become part of a botnet. The botnet is then used to attack websites, corporate structures, and is even sold to other online criminals for their evil-doing."



The above is a partial extraction of an article appearing in today's InfoPackets technology newsletter. Sign up today to get your own daily copy.
Posted by at No comments:
Labels: , , , , ,

Thursday, October 07, 2010

Consumer Beware:

If you have an iTunes account, take note -- from the daily Tech Republic "infopackets" newsletter comes this nasty bit of news:

Fake iTunes Bill Delivers Bank-Draining Trojan

Hackers have developed a new and clever scam that targets legitimate Apple iTunes subscribers, then drains their bank account.

Fake Bill Traps Customers into Clicking Malware Link

Victims of the scam receive fake "iTunes receipt" that appear completely authentic, with none of the spelling errors or image source code issues that have become synonymous with spam and malware messages.

The only real problem with the would-be receipt is that the total for the bill was said to be completely outrageous. And that's part of the trap.

Clicking "Report a Problem" Is a Big Mistake

Researchers say that the fake and outrageously high bill is enough to raise the ire of legitimate iTunes subscribers. The reason for this is that most people are likely to take action when seeing an "incorrect amount" appear on their bill.

Since the next step for most people in this situation would be to click the "report a problem" tab, this is where hackers have decided to plant the Trojan.

Fake Adobe PDF Reader Delivers Payload

The attack vector uses Adobe Flash, which is a technology that Apple refuses to use for its alleged security weaknesses. Panda Labs released a statement explaining the infection process:

"After clicking the link, the victim is asked to download a fake PDF reader. Once installation is complete, the user is redirected to an infected web page containing the Zeus Trojan, which is specifically designed to steal personal data." (Source: yahoo.com)

Phishing Schemes Increasingly Popular

Phishing has become a major problem for security companies in recent weeks, with users of the popular social network LinkedIn being the targets of a similar attack these past few weeks. (Source: scmagazineus.com)

According to Luis Corrons, technical director of Panda Labs, the variation in the methods of attack is what has been keeping security companies on edge.

"Phishing is nothing new. What never ceases to surprise us is that the techniques used to trick victims continue to be so simple, but the design and content is so very well-orchestrated. It's very easy to fall into the trap."

While some of the addresses that the malware uses is blocked by the Anti-Phishing Working Group, uncovering and restricting all addresses is an uphill battle that seems more and more improbable with each passing day.

This a really vicious bit of coding. It will hurt you badly and I suspect most banks will find some way to weasel out of their so-called "Security Guarantees" to avoid paying for the resulting damages. There is no choice but to be hyper-vigilant. After my bout with a bit of malware that mimicked my own virus scanner in March I have become very sensitive to these threats. Fixing the problem was both expensive and very time-consuming, something I wish on no one but the malefactors themselves.

By the way, I highly recommend subscribing to the infopackets newsletter. It is free, scrolling down past the adverts is pretty simple, the links work and the information is timely. What more could you ask from a tech newsletter?
Posted by at No comments:
Labels: , ,
Subscribe to: Posts (Atom)