Facebook SCAM - 'Actual Footage Missile MH-17'
July 22, 2014 - "Facebook message claims that users can see actual footage of the missile fired at downed Malaysian Airlines flight MH17 by pro-Russian militants. The promised video does not exist. The message is a -scam- designed to trick people into spamming their friends with the same fake material and participating in -bogus- online surveys. If this message comes your way, do not click any links that it contains.
This message, which is being distributed on Facebook, promises users actual footage showing the missile that destroyed Malaysian Airlines flight MH17. The message invites users to click a link to view the footage... The supposed video is just a trick to get you to click the link in the message. In fact, the message is a typical 'shocking video' survey scam. If you click the link in the message, you will be taken to a fake Facebook Page that supposedly hosts the video. The fake page comes complete with equally fake user comments... scammers quickly exploit every high-profile disaster and the MH17 tragedy is no exception. In coming days and weeks, be wary of any message that asks you to click a link to access video or breaking news pertaining to MH17..."
Facebook Scam leads to Nuclear Exploit Kit
22 July 2014 - "... The “EXPOSED: Mom Makes $8,000/Month” scam, which we observed recently, redirected users to the Nuclear exploit kit. This particular scam has since been removed by Facebook..."
Regions affected by Nuclear exploit kit
Spammy Tumblr Apps and Stalker Hunting
July 22, 2014 - "... the latest one currently bouncing around the popular social network. You’ll notice it apes the template of the site in the linked blog  – same spam posts, same spam application name – although the website for this one looks fairly slick. It’s possible this one is closely related to the February spamrun, as the same Bit.ly user account created shortening URLs for both. Here’s the spam popping up on various blogs:
Below is the site it leads to, located at reviewsloft(dot)com/a/?3
... Once the install is done, they’ll show the inevitable surveys to the end-user to make some money. As before, a bit.ly link is used... With this current spamrun we can see that we’re hitting about 19,000 in 12 days, with around 2,000 clicks listed as coming from Tumblr and the rest classed as “unknown”. Not a huge amount of information to go on, then, but a good reminder that people continue to fall for this type of scam which has been around for the longest time. As a final note, the -rogue- application will continue to post to your Tumblr until you go into your user settings and remove the app... follow the instructions listed on the Tumblr account security page*. At that point, the spam posts can stop..."
Fake Credit Applicaiton – PDF malware
22 July 2014 - "Fw: Credit Application is another one from the current zbot runs which try to drop cryptolocker, ransomware and loads of other malware on your computer. They are using email addresses and subjects that will entice a user to read the email and open the attachment... Email reads:
... Please see credit application for West Star Environmental.
The job we have for them is for $ 46,214.00
From: Jimmy Robertson
Sent: Tue, 22 Jul 2014 11:57:13 +0100
Subject: Credit Applicaiton
Here is our credit application. If you should require further information please feel free to contact me.
West Star Environmental, Inc.
4770 W. Jennifer
Fresno, CA 93722 ...
22 July 2014: SWF_CREDIT_APPLICATION.pdf.zip (10kb) Extracts to SWF_CREDIT_APPLICATION.pdf.scr... Current Virus total detections: 5/53*
This Fw: Credit Applicaiton is another one of the spoofed icon files that unless you have “show known file extensions enabled“, will look like a proper PDF file instead of the .exe file it really is, so making it much more likely for you to accidentally open it and be infected..."
Over 30 financial institutions defrauded by phone apps used to intercept passwords
Jul 22, 2014 - "More than 30 financial institutions in six countries have been defrauded by sophisticated criminal software that convinces bank customers to install -rogue- smartphone programs... Though many of the elements of the malicious software, including the interception of one-time passwords sent to phones, have been used elsewhere, the latest criminal campaign is unusual in that it combines many different techniques and leaves few traces... Banks in Austria, Sweden, Switzerland and Japan have all been hit, with damages somewhere in the millions of dollars... The least sophisticated part of the gang's work so far appears to be in the delivery of the software, according to a report by Trend Micro researchers*. Emails that appear to be from major retailers come with attachments that, when opened, prompt the user to download a malicious attachment of an unusual type, called a control panel item. If users do not click again, they are safe. If they do, the software goes to work and hides itself out of view of most antivirus protection. When an infected user later tries to visit the website of one of the targeted banks, the software redirects them to a -fake- site, which asks for login details and then prompts the user to download a smartphone app. That app later intercepts the one-time passwords, giving the gang both that data as well as the login information, enough to clean out an account..."
"Commingled" user data...
Scams exploit MH17 Disaster
July 21, 2014 - "... callous criminals waste no time in exploiting disasters such as air-crashes, terrorist attacks, storms, or tsunamis. The MH17 missile attack tragedy is no exception. In coming days and weeks, Internet users should be wary of scam attacks that attempt to trick people into following links or opening attachments in messages that are supposedly related to MH17... callous criminals waste no time in exploiting disasters such as air-crashes, terrorist attacks, storms, or tsunamis. The MH17 missile attack tragedy is no exception. In coming days and weeks, Internet users should be wary of scam attacks that attempt to trick people into following links or opening attachments in messages that are supposedly related to MH17... after clicking such a link, you are told that, before you proceed, you must share the post, participate in a survey, install an app or browser extension, or download a video player update or other software, close the page immediately..."
July 18, 2014
Facebook SCAM - Mercedes Benz CLA 45' Giveaway
July 21, 2014 - "Facebook Page claims that users can win a 'Mercedes Benz CLA 45 just by liking the page, liking and sharing a promotional post... The Page is -bogus- and the competitions that it promotes are not legitimate. There are no winners and no cars are being given away. This is a like-farming scam designed to fraudulently increase the number of likes garnered by the Page. Facebook Pages with high like-numbers can later be used to perpetrate further scams to a large audience. Alternatively, the Pages may be sold on the black market to other scammers...
According to a 'Competitions' Facebook Page that is currently being promoted across the network, you could win one of 6 Mercedes Benz CLA 45's just by liking the Page, liking and sharing a Page post... The scammers may also use the bogus Pages to perpetrate advance fee scams... the like-heavy Pages can be sold via a lucrative black market to other scammers who will repurpose it to further their own goals..."