IE10 0-day exploited in widespread Drive-by Downloads
Updated: 27 Feb 2014 - "... We’ve observed trends suggesting that attacks targeting this vulnerability are no longer confined to advanced persistent threats (APT) — the zero-day attacks are expanding to attack average Internet users as well. We refer to these attacks as drive-by downloads. This is not a surprising result, as the vulnerability’s exploit code received a lot of exposure, allowing anyone to acquire the code and re-use it for their own purposes. Our internal telemetry shows a big uptick in attempted zero-day attacks. The attacks started to increase dramatically from February 22, targeting users in many parts of the world. Our telemetry shows -both- targeted attacks and drive-by downloads in the mix.
Attacks targeting CVE-2014-0322 around the world
... websites either were modified to host the exploit code for the Internet Explorer zero-day vulnerability or were updated with the insertion of an iframe that redirects the browser to another compromised site hosting the exploit code. If the attack is successful, the exploit drops a banking Trojan that steals login details from certain banks... Microsoft has yet to provide a security update to patch the affected vulnerability. However, the company has offered the following solutions to help users protect their computers from exploits that take advantage of this vulnerability:
- Upgrade to Internet Explorer 11
- Install the Microsoft Fix it workaround solution:
> http://support.microsoft.com/kb/2934088#FixItForMe "
Fake Netflix Phish leads to Fake MS Tech Support
Feb 28, 2014 - "... came across what I first thought was a typical phishing scam targeting Netflix:
Until I realized it wasn’t, or at least that there was something more to it. Of course it stole my credentials:
But it also displayed a message saying my account had been suspended:
In order to fix this issue, you are urged to call “Netflix” at a 1-800 number. If you do a bit of a search you will find out this is -not- the official hotline, so this warranted a deeper investigation. Once I called the number, the rogue support representative had me download a “NetFlix Support Software”:
This is nothing else but the popular remote login program TeamViewer:
After remotely connecting to my PC, the scammer told me that my Netflix account had been suspended because of illegal activity. This was supposedly due to hackers who had infiltrated my computer as he went on to show me the scan results from their own ‘Foreign IP Tracer’, a -fraudulent- custom-made Windows batch script... According to him, there was only one thing to do: To let a Microsoft Certified Technician fix my computer. He drafted a quick invoice and was kind enough to give me a $50 Netflix coupon (fake of course) before transferring me to another technician... During our conversation, the scammers were not idle. They were going through my personal files and uploading those that looked interesting to them, such as ‘banking 2013.doc‘... Another peculiar thing is when they asked me for a picture ID and a photo of my credit card since the Internet is not secure and they needed proof of my identity. I could not produce one, therefore they activated my webcam so that I could show said cards to them onto their screen... This is where it ended as my camera was disabled by default. The scammers were located in India, information gathered from the TeamViewer logfile... -never- let anyone take remote control of your computer unless you absolutely trust them. This scam took place in a controlled environment that had been set up specifically for that purpose..."
Upcoming Verizon DBIR report ...
Feb 28, 2014 RSA CONFERENCE 2014 San Francisco - "... data breach data gathered by Verizon for its Data Breach Investigations Report shows that the bad guys are winning when it comes to the efficiency of hacking into their victims' systems... Wade Baker, managing principal of RISK Intelligence for Verizon... says... "Less than 25 percent of good guys discovered these incidents in a days or less... The bad guys are winning at a faster rate than the good guys are winning"... Bryan Sartin, director of Verizon's RISK Team, said... "Victims don't even find out on their own. They are finding out from someone else"... U.S. Secret Service special agent Edward Lowery, who heads up the agency's criminal investigative division, said... "They are in it for the profit, and their business model requires that they be surreptitious. It's all about the money"... Verizon's Baker says the bad news from this year's report is that the cyber criminals and other attackers are getting better at what they do, while the security community is not improving its game quickly enough to keep pace..."