News: Cexx forums, with volunteers dedicated to helping you remove malware and stay protected
 
91 | on: June 18, 2014, 04:24:32 | Started by AplusWebMaster - Last post by AplusWebMaster
FYI...

Asprox Botnet campaign spreads Court Dates and Malware
- http://www.fireeye.com/blog/technical/malware-research/2014/06/a-not-so-civic-duty-asprox-botnet-campaign-spreads-court-dates-and-malware.html
June 16, 2014 - "Executive Summary: FireEye Labs has been tracking a recent spike in malicious email detections that we attribute to a campaign that began in 2013. While malicious email campaigns are nothing new, this one is significant in that we are observing mass-targeting attackers adopting the malware evasion methods pioneered by the stealthier APT attackers. And this is certainly a high-volume business, with anywhere from a few hundred to ten thousand malicious emails sent daily – usually distributing between 50 and 500,000 emails per outbreak... In late 2013, malware labeled as Kuluoz, the specific spam component of the Asprox botnet, was discovered to be the main payload of what would become the first malicious email campaign. Since then, the threat actors have continuously tweaked the malware by changing its hardcoded strings, remote access commands, and encryption keys. Previously, Asprox malicious email campaigns targeted various industries in multiple countries and included a URL link in the body. The current version of Asprox includes a simple zipped email attachment that contains the malicious payload “exe”...
Overall Asprox Botnet tracking:
> http://www.fireeye.com/blog/wp-content/uploads/2014/06/fig5.png
... Conclusion: The data reveals that each of the Asprox botnet’s malicious email campaigns changes its method of luring victims and C2 domains, as well as the technical details on monthly intervals. And, with each new improvement, it becomes more difficult for traditional security methods to detect certain types of malware..."
(More detail at the fireeye URL above.)


92 | on: June 18, 2014, 02:41:30 | Started by AplusWebMaster - Last post by AplusWebMaster
FYI...

Fake Customer Daily Statement - XLS malware
- http://myonlinesecurity.co.uk/customer-daily-statement-fake-xls-malware/
18 June 2014 - "Customer Daily Statement pretending to come from Berkeley Futures Limited [trade@ bfl .co.uk] is another one from the current zbot runs which try to drop cryptolocker, ransomware and loads of other malware on your computer. They are using email addresses and subjects that will entice a user to read the email and open the attachment. A very high proportion are being targeted at small and medium size businesses, with the hope of getting a better response than they do from consumers... This email has a zip attachment that requires you to use the password in the body of the email to open the zip file ( hopefully this will slow down & make you think and help protect you). The zip contains 2 files: what appears to be a genuine PDF statement and a file suggesting it is a Microsoft XLS (Excel) file which is in fact a renamed .exe malware. Email reads:

    Attached is your daily statement and payment request form for May 2014.
    Please fulfill payment request form and send it back. The attached zip archive is secured with personal password.
    Password: XL6Fs#
    Berkeley On-line and Berkeley Equities are trading names of Berkeley Futures Limited. Berkeley Futures Limited is authorised and regulated by the Financial Conduct Authority (Registered no. 114159) © 2012 Berkeley Futures Limited


18 June 2014: XCU01.zip : Extracts to   request_form_8943540512.xls.exe
Current Virus total detections: 3/54*. This is another one of the spoofed icon files that unless you have “show known file extensions enabled“, will look like a proper xls file instead of the .exe file it really is, so making it much more likely for you to accidentally open it and be infected..."
* https://www.virustotal.com/en/file/9e15df950e6d723f02c2b9d210750e70f36cd99bae861a434574a014c68542ee/analysis/1403073130/
___

Pinterest and Tumblr Accounts Compromised to Spread Diet Pill Spam
- http://www.symantec.com/connect/blogs/pinterest-and-tumblr-accounts-compromised-spread-diet-pill-spam
Updated: 18 Jun 2014 - "Over the weekend, a large number of Pinterest accounts were compromised and used to pin links to a miracle diet pill spam called Garcinia Cambogia Extract. Since most of the compromised accounts were linked to Twitter, these spam “pins” on Pinterest were also cross-posted to Twitter... The main reason spammers go through all of these hoops is to evade spam filters on social networks. On Pinterest, plenty of users pin posts from Tumblr blogs. On Tumblr, a redirect script called 'tumblr-redirect.js' hosted on Dropbox is inserted into each Tumblr page.
Are Twitter accounts compromised?
It does not appear so. Most of the tweets we have seen show they were shared through Pinterest and not Twitter. Symantec Security Response recommends the following tips for Pinterest, Tumblr, and Twitter users:
- Make sure your passwords on all these services are strong and unique*
- Tumblr users should enable two-factor authentication**
- Twitter users should revoke and reauthorize access to the Pinterest application "
* https://identitysafe.norton.com/password-generator

** http://www.tumblr.com/docs/en/account_security
___

Fake Wells Fargo SPAM - malicious PDF file
- http://blog.dynamoo.com/2014/06/wells-fargo-important-docs-spam-has.html
17 June 2014 - "This -fake- Wells Fargo spam comes with a malicious PDF attachment:
    From:     Raul.Kelly@ wellsfargo .com
    Date:     17 June 2014 18:50
    Subject:     Important docs
    We have received this documents from your bank, please review attached documents.
    Raul Kelly
    Wells Fargo Accounting
    817-713-1029 office
    817-306-0627 cell Raul.Kelly@ wellsfargo .com
    Investments in securities and insurance products are:
    NOT FDIC-INSURED/NO BANK-GUARANTEES/MAY LOSE VALUE
    Wells Fargo Advisors, LLC is a nonbank affiliate of Wells Fargo & Company, Member FINRA/SIPC. 1 North Jefferson, St. Louis, MO 63103 ...


The attachment is account_doc~9345845757.pdf which has a VirusTotal detection rate of 5/51*. The Malwr report doesn't say much but can be found here**."
* https://www.virustotal.com/en/file/42e12d3d45629c036aca781881867a4a77b7b3a5bc574df4d4c0126a016cb36f/analysis/1403031721/

** https://malwr.com/analysis/M2ViODNlNzI5Yjc5NDQyODk1NzkxYzdmMDA5YzZkN2I/
___

Fake Payment Overdue SPAM - PDF malware
- http://myonlinesecurity.co.uk/payment-overdue-please-respond-fake-pdf-malware/
18 June 2014 - "Payment Overdue - Please respond pretending to come from Payroll Invoice [payroll@intuit.com] is another one from the current zbot runs which try to drop cryptolocker, ransomware and loads of other malware on your computer. They are using email addresses and subjects that will entice a user to read the email and open the attachment... Email reads:
    We have uploaded previous month reports on dropbox, please use the
    following link to download your file:
    https ://www.cubby .com/pl/Document_772-998.zip/_666f6271a7a8418a9881644fdcae6e1f
    Sincerely,
    Gabriel Preston
    This e-mail has been sent from an automated system.  PLEASE DO NOT REPLY...


18 June 2014: Document_772-998.zip (8kb) : Extracts to Document_772-998.scr
Current Virus total detections: 2/54* ... another one of the spoofed icon files that unless you have “show known file extensions enabled“, will look like a proper PDF file instead of the .exe file it really is, so making it much more likely for you to accidentally open it and be infected..."    
* https://www.virustotal.com/en/file/0d28d2dff106109c2510c2c4ea74432d5927c51f5a464961cddc60331ad79ab7/analysis/ 
___

Fake Lloyds Bank SPAM
- http://blog.dynamoo.com/2014/06/lloyds-bank-commercial-finance-customer.html
18 June 2014 - "Sent to the same targets and the same victim as this HSBC spam, this fake Lloyds Bank message comes with a malicious payload:
    From:     Lloyds Bank Commercial Finance [customermail@ lloydsbankcf .co.uk]
    Date:     18 June 2014 12:48
    Subject:     Customer Account Correspondence
    This attachment contains correspondence relating to your customer account with Lloyds Bank Commercial Finance Ltd.
    This email and any files transmitted with it are confidential and intended solely for the use of the individual or entity to whom they are addressed.
    If you have received this email in error please contact the individual or customer care team whose details appear on the statement.
    This email message and its attachment has been swept for the presence of computer viruses.
    Lloyds Bank Commercial Finance, No 1 Brookhill Way, Banbury, Oxfordshire OX16 3EL | www.lloydsbankcommercialfinance .co.uk


Ensuring that your PDF reader is up-to-date may help to mitigate against this attack."
___

Fake Xerox WorkCentre Spam...
- http://blog.dynamoo.com/2014/06/scanned-image-from-xerox-workcentre.html
18 June 2014 - "The PDF spammers are busy today - this is the third time this particular malicious PDF has been spammed out to victims, first as a fake HSBC message, then a fake Lloyds message, and now a fake Xerox WorkCentre spam.
    From:     Xerox WorkCentre
    Date:     18 June 2014 13:41
    Subject:     Scanned Image from a Xerox WorkCentre
    It was scanned and sent to you using a Xerox WorkCentre Pro.
    Sent by: [redacted]
    Number of Images: 0
    Attachment File Type: PDF
    WorkCentre Pro Location: Machine location not set
    Device Name: [redacted]
    Attached file is scanned image in PDF format...


The payload is a malicious PDF that is identical to the HSBC and Lloyds spams."
___

Fake Electro Care SPAM - XLS malware
- http://myonlinesecurity.co.uk/invoice-electro-care-electrical-services-ltd-fake-xlsmalware/
18 June 2014 - "Invoice from Electro Care Electrical Services Ltd is another one from the current zbot runs which try to drop cryptolocker, ransomware and loads of other malware on your computer. They are using email addresses and subjects that will entice a user to read the email and open the attachment... Email looks like :
    This invoice is the oldest and we did receive a cheque if £4900.00 On the 16/04/14
    Please not that they have deducted CIS at 20% on the above payment so the total amount applied to this invoice is £5400.00.
    Any question then please call me.
    This message contains Invoice #03974 from Electro Care Electrical Services Ltd.  If you have questions about the contents of this message or Invoice, please contact Electro Care Electrical Services Ltd.
    Electro Care Electrical Services Ltd
    Unit 18
    Lenton Business Centre
    Lenton Boulevard
    Nottingham
    NG7 2BY
    T: 01159699638 F: 01159787862 ...


18 June 2014: ECE03974.zip (57kb) : Extracts to Electro Care Electrical Services Ltd invoice.scr
Current Virus total detections: 3/54*. Invoice from Electro Care Electrical Services Ltd is another one of the spoofed icon files that unless you have “show known file extensions enabled“, will look like a proper XLS file instead of the .exe file it really is, so making it much more likely for you to accidentally open it and be infected..."
* https://www.virustotal.com/en/file/9202caba3971b255d182a161a59f81a3723876515682be3d00c7b539413b51f8/analysis/
___

Fake HSBC SPAM...
- http://blog.dynamoo.com/2014/06/hsbc-unable-to-process-your-most-recent.html
18 June 2014 - "This convincing looking bank spam comes with a malicious PDF attachment:
From:     HSBC.co.uk [service@ hsbc .co.uk]
Date:     18 June 2014 12:33
Subject:     Unable to process your most recent Payment
HSBC Logo
You have a new e-Message from HSBC .co.uk
This e-mail has been sent to you to inform you that we were unable to process your most recent payment.
Please check attached file for more detailed information on this transaction.
Pay To Account Number:   **********91
Due Date: 18/06/2014
Amount Due: £ 876.69 ...


Attached is a malicious PDF file HSBC_Payment_9854711.pdf which has a VirusTotal detection rate of just 6/53*. The Malwr report does not add much but can be found here**."
* https://www.virustotal.com/en-gb/file/31edb5f3f59bee534715dad5aa81cf6aa26c9cc132a520c5a258dc622709222d/analysis/1403092029/

** https://malwr.com/analysis/ZDZmNTFjOTA4ZjAyNDkzMmJiNDA1MGY3OGI5MzdiOWM/
___

Android ransomware uses TOR
- http://blog.trendmicro.com/trendlabs-security-intelligence/android-ransomware-uses-tor/
June 17, 2014 - "... samples we now detect as AndroidOS_Locker.HBT, we found that this malware shows a user interface that notifies the user that their device has been locked down, and that they need to pay a ransom of 1000 rubles to unlock it. The interface also states that failure to pay would result in the destruction of all data in the mobile device. Examples of apps we’ve seen display this routine are found in third-party app stores, bearing names such as Sex xonix, Release, Locker, VPlayer, FLVplayer, DayWeekBar, and Video Player. Non-malicious apps with these names are available from various app stores... The user will be asked to pay to account 79660624806/79151611239/79295382310 by QIWI or 380982049193 by Monexy within 48 hours. This UI will also keep popping out, thus preventing the user from being able to use their device properly... we found that it communicates to its command-and-control server via TOR. Although this is not the first time we’ve seen Android malware use TOR, this is the first ransomware we’ve seen that uses it. Considering the amount of data that users now store in their mobile devices, we predict that this is just the start of the continuous development of mobile ransomware... How to Remove this Ransomware: For users whose devices are infected with this ransomware, the malicious app can be manually removed through the Android Debug Bridge. The adb is part of the Android SDK*, which can be freely downloaded from the Android website..."
* http://developer.android.com/tools/help/adb.html

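Almost every item in the post above is the same trick: a zip member named like a statement, invoice or scan that actually ends in .exe or .scr, so that with "hide extensions for known file types" on, Explorer shows request_form_8943540512.xls.exe as request_form_8943540512.xls. The following Python script is an added example, not code from the original post or from any of the blogs quoted; it lists a zip's members and flags executable extensions, document-plus-executable double extensions, and members whose bytes start with the PE "MZ" header but carry a document extension. The archive it scans is constructed in memory from placeholder bytes (only the two magic bytes, nothing from the real samples), and the extension lists are the author's assumptions.

```python
from __future__ import annotations

import io
import posixpath
import zipfile

# Assumption: extensions Windows executes directly on double-click.
EXECUTABLE_EXTS = {".exe", ".scr", ".com", ".pif", ".cpl", ".bat", ".cmd",
                   ".js", ".jse", ".vbs", ".vbe", ".wsf", ".hta", ".jar"}
# Assumption: extensions the lures above imitate ("statement.pdf", "invoice.xls").
DOCUMENT_EXTS = {".pdf", ".doc", ".docx", ".xls", ".xlsx", ".rtf", ".txt", ".jpg", ".png"}
PE_MAGIC = b"MZ"  # first two bytes of every Windows PE executable


def explorer_display_name(name: str) -> str:
    """Name as Explorer shows it when known extensions are hidden (assumes the
    last extension is a registered type, which .exe and .scr always are)."""
    base = posixpath.basename(name)
    stem, dot, _ext = base.rpartition(".")
    return stem if dot else base


def classify_entry(name: str, head: bytes) -> list[str]:
    """Return the reasons an archive member looks like a disguised executable."""
    reasons = []
    base = posixpath.basename(name).lower()
    exts = ["." + p for p in base.split(".")[1:]]
    last = exts[-1] if exts else ""
    if last in EXECUTABLE_EXTS:
        reasons.append(f"executable extension {last}")
        if len(exts) >= 2 and exts[-2] in DOCUMENT_EXTS:
            reasons.append(f"double extension {exts[-2]}{last}: shown as "
                           f"'{explorer_display_name(name)}' when extensions are hidden")
    elif head.startswith(PE_MAGIC):
        # Spoofed-icon case: PE content behind a non-executable extension.
        reasons.append(f"PE executable (MZ header) behind extension {last or '(none)'}")
    return reasons


def scan_zip(data: bytes) -> dict[str, list[str]]:
    """Map each suspicious member name to its reasons; clean members are omitted.

    Member names are stored in clear even in password-protected zips (the
    Berkeley lure above ships the password in the mail body), so the name
    checks need no password; only the header sniff needs the member bytes.
    """
    findings = {}
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        for info in zf.infolist():
            if info.is_dir():
                continue
            head = b""
            if not info.flag_bits & 0x1:  # general-purpose bit 0 = encrypted member
                with zf.open(info) as fh:
                    head = fh.read(2)
            reasons = classify_entry(info.filename, head)
            if reasons:
                findings[info.filename] = reasons
    return findings


def build_sample_zip() -> bytes:
    """Constructed archive mirroring the attachment names in the post above;
    the member contents are placeholder bytes, not the real samples."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        zf.writestr("statement_may_2014.pdf", b"%PDF-1.4\n% placeholder document\n")
        zf.writestr("request_form_8943540512.xls.exe", PE_MAGIC + b"\x00" * 62)
        zf.writestr("Document_772-998.scr", PE_MAGIC + b"\x00" * 62)
        zf.writestr("invoice.pdf", PE_MAGIC + b"\x00" * 62)  # PE bytes behind a document extension
    return buf.getvalue()


if __name__ == "__main__":
    for member, why in scan_zip(build_sample_zip()).items():
        print(f"{member}: {'; '.join(why)}")
```

On a mail gateway the same three checks can be applied to every archive before delivery; the name checks cost nothing and survive password protection, while the MZ sniff catches the renamed .scr/.exe only when the member can be decompressed.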

93 | on: June 17, 2014, 13:30:38 | Started by AplusWebMaster - Last post by AplusWebMaster
FYI...

Microsoft Security Advisory 2974294
Vulnerability in Microsoft Malware Protection Engine Could Allow Denial of Service
- https://technet.microsoft.com/library/security/2974294
June 17, 2014 - "Microsoft is releasing this security advisory to inform customers that an update to the Microsoft Malware Protection Engine addresses a security vulnerability that was reported to Microsoft. The vulnerability could allow denial of service if the Microsoft Malware Protection Engine scans a specially crafted file. An attacker who successfully exploited this vulnerability could prevent the Microsoft Malware Protection Engine from monitoring affected systems until the specially crafted file is manually removed and the service is restarted... See the Affected Software section for a list of affected products. Updates to the Microsoft Malware Protection Engine are installed along with the updated malware definitions for the affected products...  automatic detection and deployment of updates will apply the update within 48 hours of release. The exact time frame depends on the software used, Internet connection, and infrastructure configuration..."

- https://www.us-cert.gov/ncas/current-activity/2014/06/17/Microsoft-Releases-Security-Advisory-Microsoft-Malware-Protection
June 17, 2014
___

- http://www.securitytracker.com/id/1030438
CVE Reference: https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-2779
Jun 17 2014
Impact: Denial of service via local system, Denial of service via network
Fix Available:  Yes  Vendor Confirmed:  Yes  
Version(s): 1.1.10600.0 and prior...
Solution: The vendor has issued a fix (1.1.10701.0).
The vendor's advisory is available at:
- https://technet.microsoft.com/en-us/library/security/2974294
___

- https://atlas.arbor.net/briefs/
High Severity
June 20, 2014
Analysis: If the engine scans a specially crafted file, the vulnerability could be exploited to cause a denial of service condition, stopping the engine from monitoring affected systems. A specially crafted file could be delivered via email or instant messenger, or by visiting a site hosting a malicious file; alternatively, a malicious attacker could use a website that hosts user-provided content to upload a malicious file, which would be scanned by the engine running on the hosting server. [ https://technet.microsoft.com/library/security/2974294 ] Microsoft has updates for affected products, which will automatically be pushed to Microsoft Malware Protection Engine...


94 | on: June 17, 2014, 11:03:52 | Started by AplusWebMaster - Last post by AplusWebMaster
FYI...

- http://tools.cisco.com/security/center/publicationListing.x

Cisco products - OpenSSL multiple vulns
- http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20140605-openssl
Last Updated: 2014 June 16 - Rev 1.7 - "... As the investigation progresses, this document will be updated to include the Cisco bug IDs for each affected product.... additional platform-specific information, including workarounds (if available) and fixed software versions... Cisco products currently under investigation... (listed. Also:) Products Confirmed Not Vulnerable..."
Revision 1.7 - 2014-June-16 - Updated the Affected Products, Vulnerable Products, and Products Confirmed Not Vulnerable sections. Linked bug IDs of currently known affected products.

Cisco IOS XR Software IPv6 Malformed Packet DoS vuln
- http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20140611-ipv6
Revision 1.1 - 2014-June-13 - Added information about 4.1.2-based SMU to the "Software Versions and Fixes" section.


95 | on: June 17, 2014, 02:44:51 | Started by AplusWebMaster - Last post by AplusWebMaster
FYI...

For IE 11 users, no update now means no security fixes
- http://arstechnica.com/information-technology/2014/06/internet-explorer-11s-new-update-ethos-for-security-fixes-youll-need-new-features/
June 16 2014 - "When Microsoft released the Windows 8.1 Update, IT feathers were ruffled by Microsoft's decision to make it a compulsory update: without it, Windows 8.1 systems would no longer receive security fixes. As spotted by Computerworld's Gregg Keizer*, Microsoft is applying the same rules, at least in part, to Windows 7. Windows 7 users who've installed Internet Explorer 11 are required to install the KB2929437 update. This is the Internet Explorer 11 update that corresponds to the Windows 8.1 Update; it doesn't just include security fixes for Microsoft's browser. There are also some new and improved features, including a more capable WebGL implementation and some additional high performance JavaScript features. If users don't install the update, Windows Update will not provide any more security fixes for their browser..."
* http://www.infoworld.com/d/microsoft-windows/microsoft-strips-some-windows-7-users-of-ie11-patch-privileges-244338?page=0,0
June 16, 2014


96 | on: June 17, 2014, 02:01:44 | Started by AplusWebMaster - Last post by AplusWebMaster
FYI...

New banker trojan - Dyreza / delivered by SPAM
- https://www.csis.dk/en/csis/news/4262/
2014-06-16 - "We have been analyzing a new piece of banking malware, which is targeting some major online banking services. Among many, we have verified the following to be on the target list:
Bank of America
Natwest
Citibank
RBS
Ulsterbank

The code is designed to work similar to ZeuS and as most online banking threats it supports browser hooking for Internet Explorer, Chrome and Firefox and harvests data at any point an infected user connects to the targets specified in the malware. The malware is being delivered through -spam- campaigns. We have seen various subjects such as: "Your FED TAX payment ID [random number]" and "RE: Invoice #[random number]". The primary target appears to be the UK. We have seen RBS to be a specific target with the content:
"Please review attached documents regarding your account
To view/download your documents please click here
Tel: 01322 247616
Fax: 01322 202705
email: Leonel@ rbs .com
This information is classified as Confidential unless otherwise stated."


The traffic, when you browse the Internet, is being controlled by the attackers. They use a MiTM (Man in The Middle) approach and thus are able to read anything, even SSL traffic in clear text. This way they will also try to circumvent 2FA * ... Our intel shows that the group behind these attacks is likely to push/distribute a new campaign as a "Flash Player update". Still it's unclear if this is provided as a "Crime as a Service" or if it's a full circle criminal outfit. We believe this is a new banker trojan family and not yet another offspring from the ZeuS source code. CSIS would like to credit the following blog/analysis:
- http://phishme.com/project-dyre-new-rat-slurps-bank-credentials-bypasses-ssl/ "
"... block the IPs 85.25.148.6, 217.12.207.151, and 192.99.6.61 ..."

* https://en.wikipedia.org/wiki/Two-factor_authentication

- https://www.computerworld.com/s/article/9249153/Powerful_Dyreza_banking_malware_emerges
June 17, 2014
___

Fake Voicemail recived - malware exploit
- http://myonlinesecurity.co.uk/new-voicemail-recived-malware-exploit/
17 June 2014 - "... from Yesterday's Simply Business attack we have the same attack with a subject New voicemail recived pretending to come from YouMail which is another one from the current bot runs which try to drop cryptolocker, ransomware and loads of other malware on your computer. They are using email addresses and subjects that will entice a user to read the email and open the attachment. A very high proportion are being targeted at small and medium size businesses, with the hope of getting a better response than they do from consumers... we are unable to get any malware payload from it... Email looks like:

Screenshot: https://encrypted-tbn1.gstatic.com/images?q=tbn:ANd9GcTSpRfJH9eatgwmNyHCi_bUGRFVPZyEeaaYXX9hcV0N81l7ftlL
... You have received a Voicemail. Follow the link below to listen to it

... these emails use Social engineering tricks to persuade you to open the attachments that come with the email. Whether it appears to come from a friend or is more targeted at somebody who regularly is likely to receive PDF attachments or Word .doc attachments or any other common file that you use every day... make sure you have “show known file extensions enabled“... look carefully at the unzipped file. If it says .EXE then it is a problem and should -not- be run or opened..."
___

Spamvertised 'June invoice' themed emails lead to malware
- http://www.webroot.com/blog/2014/06/17/spamvertised-inovice-june-themed-emails-lead-malware/
June 17, 2014 - "Cybercriminals continue spamvertising tens of thousands of malicious emails on their way to socially engineer gullible end users, ultimately increasing their botnet’s infected population... recently intercepted a currently circulating malicious campaign enticing users into executing the fake attachment. Detection rate for a sampled malware: MD5: 8b54dedf5acc19a4e9060f0be384c74d – detected by 43 out of 54 antivirus scanners* as Backdoor.Win32.Androm.elwa... Once executed MD5: 8b54dedf5acc19a4e9060f0be384c74d** ...
It then phones back to the following C&C servers:
hxxp ://62.76.189.58 :8080/dron/ge.php
hxxp ://62.76.41.73 :8080/tst/b_cr.exe
62.76.41.73
62.76.185.30
95.101.0.115

... Detection rate for the dropped sample: MD5: 596ba17393b18b8432cd14a127d7c6e2 – detected by 36 out of 54 antivirus scanners as Trojan-Spy.Win32.Zbot.tfdc ... Related malicious MD5s known to have phoned back to the same C&C server (62.76.41.73) ... Related malicious MD5s known to have phoned back to the same C&C server (95.101.0.115) ..."
* https://www.virustotal.com/en-gb/file/1f96459c0ead337cf13478236d13c76a5f7606bbf912e3963abc3b24180b1640/analysis/1403011569/
"... invoice_pdf.exe ..."

** https://www.virustotal.com/en-gb/file/587ef476ccf538621243959d727f475adc2b6b4903cb71a4a40afa111cd1908d/analysis/

*** https://www.virustotal.com/en-gb/file/8d0c7f67057f063f27f8abdf9c6a4050e47f96f7d7f425be70a79008eb4f68a2/analysis/

62.76.189.58: https://www.virustotal.com/en-gb/ip-address/62.76.189.58/information/
62.76.41.73: https://www.virustotal.com/en-gb/ip-address/62.76.41.73/information/
62.76.185.30: https://www.virustotal.com/en-gb/ip-address/62.76.185.30/information/
95.101.0.115: https://www.virustotal.com/en-gb/ip-address/95.101.0.115/information/
___

Fake Virgin Media SPAM - malware exploit
- http://myonlinesecurity.co.uk/virgin-media-automated-billing-reminder-malware-exploit/
17 June 2014 - "... Virgin Media Automated Billing Reminder pretending to come from Virgin Media Online Services [billing@ virginmedia .com] is another one from the current bot runs which try to drop cryptolocker, ransomware and loads of other malware on your computer. They are using email addresses and subjects that will entice a user to read the email and open the attachment... Once again we are unable to get any malware payload from it because the sites insist on some vulnerable software which we don’t have installed. There is an alternative version spreading with a subject of British Gas bill payment. pretending to come from British Gas [services@ britishgas .co.uk] but with exactly the same virgin media email. Email looks like:

Virgin Media Automated Billing Reminder
> https://t2.gstatic.com/images?q=tbn:IjOSG-1y3IKA2M:http://www.britneyspears.com/2008/12/12/Virgin%20Media%20Web.jpg
Date 17th June 2014
This e-mail has been sent you by Virgin Media to inform you that we were
unable to process your most recent payment of bill. This might be due to
one of the following reasons:
    A recent change in your personal information such as Name or address.
    Your Credit or Debit card has expired.
    Insufficient funds in your account.
    Cancellation of Direct Debit agreement.
    Your Card issuer did not authorize this transaction.
To avoid Service interruption you will need to update your billing profile, failure to update your profile may lead in service cancellation and termination.
Please click on the link below to login to e-Billing. You will need to login using your primary E-mail address.
Login  to e-Billing
Once logged in you will need to fill in the required fields, please ensure all address and contact details are up to date, once submitted your account details will automatically be updated within 24 Hours.
Kind Regards,
Virgin Media
Customer Services Team
Ellis Willis


All of these emails use Social engineering tricks to persuade you to open the attachments that come with the email... make sure you have “show known file extensions enabled“... If it says .EXE then it is a problem and should -not- be run or opened."


97 | on: June 16, 2014, 10:18:41 | Started by AplusWebMaster - Last post by AplusWebMaster
FYI...

Fake Simply Business SPAM – malware
- http://myonlinesecurity.co.uk/please-fill-employer-reference-number-policy-mqbi352715xb-malware/
16 June 2014 - "'Please fill in your Employer Reference Number, policy – MQBI352715XB' pretending to come from Simply Business insurance company is another one from the current bot runs which try to drop cryptolocker, ransomware and loads of other malware on your computer. They are using email addresses and subjects that will entice a user to read the email and open the attachment... This set of emails with the subject of 'Please fill in your Employer Reference Number, policy – MQBI352715XB < numbers vary>' is targeted at employers and small business rather than consumers. I cannot get any payload or malware. The links all lead to -compromised- websites or servers and all go to pages called hxxp ://<  name of website >/err_log/sub/activate.html where a simple script -bounces- you on to hxxp :// 62.76.44.211 :8080/inbound.php which at this time is not responding. We believe this is likely to be one of the -exploit- kits that will attempt to install cryptowall on your computer, if you have a -vulnerable- version of Java, Flash, Adobe PDF reader or Microsoft Silverlight... The email looks like:
    You’re receiving this important service message as a Simply Business customer with Employers’ Liability insurance
    View it in your browser ...

[See image at the myonlinesecurity URL above.]

... look carefully at the unzipped file. If it says .EXE then it is a problem and should -not- be run or opened."

- http://centralops.net/co/DomainDossier.aspx
62.76.40.0 - 62.76.47.255
descr:          IT House, Ltd
country:        RU ...
address:        195427, St. Petersburg, Russia
route:          62.76.40.0/21
descr:          IT House, Ltd
origin:         AS48172 ...

- https://www.google.com/safebrowsing/diagnostic?site=AS:48172
"... over the past 90 days, 163 site(s)... served content that resulted in malicious software being downloaded and installed without user consent. The last time Google tested a site on this network was on 2014-06-16, and the last time suspicious content was found was on 2014-06-16... Over the past 90 days, we found 35 site(s).. that appeared to function as intermediaries for the infection of 171 other site(s)... We found 26 site(s)... that infected 310 other site(s)..."
___

Hackers steal Dominos Pizza customer data in Europe, ransom sought
- http://www.reuters.com/article/2014/06/16/us-dominos-pizza-cybersecurity-idUSKBN0ER1TF20140616
Jun 16, 2014 - "Hackers have stolen data on more than 600,000 Dominos Pizza Inc customers in Belgium and France, the pizza delivery company said, and an anonymous Twitter user threatened to publish the data unless the company pays a cash ransom. Customer names, delivery addresses, phone numbers, email addresses and passwords were taken from a server used in an online ordering system that the company is in the process of replacing, Dominos spokesman Chris Brandon said on Monday. He said he did not know if the stolen passwords had been encrypted. A Tweet directed at Domino's customers through an account of somebody listed as "Rex Mundi" said hackers would publish the customer data on the Internet unless the company pays 30,000 euros ($40,800), according to an article in The Telegraph. The Rex Mundi account was later suspended. Brandon said he was not familiar with the ransom demands, but that the company would not be making any such payment..."

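The two posts above hand a defender a small set of network indicators: the Androm/Zbot C&C URLs and addresses from the Webroot write-up, the three Dyreza addresses CSIS says to block, the 62.76.44.211 redirect target from the Simply Business lure, and the 62.76.40.0/21 netblock (IT House, AS48172) that the Domain Dossier lookup puts it in. The following Python script is an added example, not code from the original posts or from Webroot, CSIS or myonlinesecurity: it refangs the indicators from the "hxxp ://host :port" form the posts use, then runs them over proxy-log lines, matching on exact URL, on known address, and on membership in the watched netblock. The log format and every log line are constructed for the example; the indicator values themselves are the ones quoted in the posts.

```python
from __future__ import annotations

import ipaddress
from urllib.parse import urlsplit

# Indicators as quoted (defanged) in the Webroot and Simply Business posts above.
DEFANGED_C2_URLS = [
    "hxxp ://62.76.189.58 :8080/dron/ge.php",
    "hxxp ://62.76.41.73 :8080/tst/b_cr.exe",
    "hxxp :// 62.76.44.211 :8080/inbound.php",
]
C2_IPS = {
    "62.76.189.58", "62.76.41.73", "62.76.185.30", "95.101.0.115",  # Webroot (Androm / Zbot)
    "85.25.148.6", "217.12.207.151", "192.99.6.61",                 # CSIS (Dyreza)
}
# Netblock from the Domain Dossier lookup in the Simply Business post (IT House, AS48172).
WATCHED_NETS = [ipaddress.ip_network("62.76.40.0/21")]


def refang(ioc: str) -> str:
    """Undo the posts' defanging style so the indicator compares with real traffic."""
    return (ioc.replace("hxxp", "http")
               .replace(" ://", "://").replace(":// ", "://")
               .replace(" :", ":"))


C2_URLS = {refang(u) for u in DEFANGED_C2_URLS}


def host_of(url: str) -> str:
    return (urlsplit(url).hostname or "").lower()


def match_url(url: str) -> list[str]:
    """Reasons a requested URL matches the indicators; an empty list means no match."""
    reasons = []
    if url in C2_URLS:
        reasons.append("exact C&C URL")
    host = host_of(url)
    if host in C2_IPS:
        reasons.append(f"known C&C address {host}")
    try:
        addr = ipaddress.ip_address(host)
    except ValueError:
        return reasons  # hostname rather than a literal address: netblock check does not apply
    for net in WATCHED_NETS:
        if addr in net:
            reasons.append(f"{host} is inside watched netblock {net}")
    return reasons


def parse_line(line: str) -> dict[str, str] | None:
    """Parse the constructed proxy-log format '<ts> <client> <method> <url> <status>'."""
    parts = line.split()
    if len(parts) != 5:
        return None
    ts, client, method, url, status = parts
    return {"ts": ts, "client": client, "method": method, "url": url, "status": status}


def scan_log(lines) -> list[tuple[str, str, list[str]]]:
    """Return (client, url, reasons) for every log line that hits an indicator."""
    hits = []
    for line in lines:
        rec = parse_line(line)
        if rec is None:
            continue
        reasons = match_url(rec["url"])
        if reasons:
            hits.append((rec["client"], rec["url"], reasons))
    return hits


# Constructed sample log: internal clients are private addresses, one line is benign.
SAMPLE_LOG = """\
2014-06-17T10:12:03Z 10.0.0.15 GET http://62.76.189.58:8080/dron/ge.php 200
2014-06-17T10:12:05Z 10.0.0.15 GET http://62.76.41.73:8080/tst/b_cr.exe 200
2014-06-17T10:13:40Z 10.0.0.22 GET http://www.example.com/index.html 200
2014-06-17T10:14:01Z 10.0.0.31 GET http://62.76.44.211:8080/inbound.php 504
2014-06-17T10:15:09Z 10.0.0.40 POST http://217.12.207.151/ 200
2014-06-17T10:16:22Z 10.0.0.40 GET http://62.76.45.9/ 200
""".splitlines()

if __name__ == "__main__":
    for client, url, why in scan_log(SAMPLE_LOG):
        print(f"{client} -> {url}: {'; '.join(why)}")
```

The netblock match is the broadest of the three and will also fire on unrelated hosts in 62.76.40.0/21, so treat it as a triage signal rather than a block rule; the exact-URL and address matches are the ones worth alerting on directly. The 504 on the inbound.php request reflects the post's note that 62.76.44.211 was not responding at the time.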

98 | on: June 16, 2014, 01:46:49 | Started by AplusWebMaster - Last post by AplusWebMaster
FYI...

VMSA-2014-0006.1 - VMware product updates address OpenSSL security vulns
- http://www.vmware.com/security/advisories/VMSA-2014-0006.html
Updated on: 2014-06-12
CVE numbers: CVE-2014-0224, CVE-2014-0198, CVE-2010-5298, and CVE-2014-3470
Relevant Releases:
Big Data Extensions prior to 2.0.0
ESXi 5.5 prior to ESXi550-201406401-SG
Horizon Mirage Edge Gateway prior to 4.4.3
vCD prior to 5.5.1.2
vCenter prior to 5.5u1b
vCSA prior to 5.5u1b
Update Manager prior to 5.5u1b
Change Log: 2014-06-12 VMSA-2014-0006.1
Updated security advisory in conjunction with the release of Big Data Extensions 2.0.0, Horizon Mirage Edge Gateway 4.4.3, vCD 5.5.1.2, vCenter Server 5.5u1b, vCSA 5.5u1b, and Update Manager 5.5u1b on 2014-06-12.
More at: http://www.vmware.com/security/advisories/VMSA-2014-0006.html


99 | on: June 15, 2014, 04:28:54 | Started by AplusWebMaster - Last post by AplusWebMaster
FYI...

cryptolocker, cryptowall, putter panda, nuclear domains
- http://www.malwaredomains.com/?p=3606
June 13th, 2014 - "Added over 200 domains associated with Nuclear EK. Putter Panda, Cryptolocker, Cryptowall… Sources include blogs.cisco.com, gist.github.com, crowdstrike.com..."


100 | on: June 13, 2014, 18:28:39 | Started by AplusWebMaster - Last post by AplusWebMaster
FYI...

- http://blogs.technet.com/b/msrc/archive/2014/06/13/june-2014-security-bulletin-webcast-and-q-amp-a.aspx
13 Jun 2014 - "Today we published the June 2014 Security Bulletin webcast questions and answers page*..."

June 2014 Security Bulletin Webcast Q&A
* http://blogs.technet.com/b/msrc/p/july-2014-security-bulletin-q-a.aspx
June 11, 2014

