FYI...Fake Westpac Bill Payment - Phish
Feb 25, 2014 - "Message supposedly sent by Australian bank Westpac, notifies recipients that a payment to a biller has been successfully processed and invites them to click a link to view transaction details. Westpac did -not- send the email. The message is a phishing scam that attempts to lure Westpac customers into visiting a fraudulent website and providing their account login details. Criminals will use the stolen information to hijack Westpac bank accounts belonging to their victims.
This email, which was supposedly sent by large Australian bank Westpac, informs recipients that a payment to a biller has been successfully processed. The email includes details of the bill payment and invites recipients to follow a link to view more information about the transaction. The message includes the Westpac logo... It is a -phishing- scam that was created with the goal of tricking recipients into giving their Westpac account login details to cybercriminals. Some Westpac customers who receive the bogus notification may be panicked into clicking the link in the mistaken belief that their accounts have been compromised and used to conduct fraudulent transactions in their names... the criminals responsible for the phishing campaign will collect the submitted login credentials. The criminals can use the stolen credentials to access their victims' bank accounts, transfer funds and commit further fraudulent transactions. If you receive one of these emails, do -not- click any links -or- open any attachments that it contains. Westpac has published information about phishing scams and how to report them on its website*..."
___Fake British Airways e-ticket email - malware
Feb 25, 2014 - "If you have received an unexpected email, claiming to come from British Airways, about an upcoming flight that you haven’t booked – please be on your guard. Online criminals are attempting to infect innocent users’ computers with a variant of the malicious Win32/Spy.Zbot.AAU trojan, by disguising their attack as an e-ticket from the airline. To maximise the potential number of victims, the attackers have spammed out messages widely from compromised computers.
... Of course, although the email claims to come from British Airways – it is nothing of the sort. In a classic example of social engineering, criminals are hoping that email recipients will worry that their credit card has been fraudulently used to purchase an air ticket, and click on links inside the email to find out more. However, if users download the supposed e-ticket, and launch its contents they will be infecting themselves with a trojan horse that can spy on their computer activity and give malicious hackers third-party access to their data... the malware has been spread via malicious links after cybercriminals forged email headers to make their messages look like they really came from British Airways’s customer service department. But it’s equally possible for attackers to spread their malware via email attachments, or for other disguises to be deployed if those behind the spam blitz believe that they have a greater chance of success. Remember to always be suspicious of clicking on links in unsolicited emails, and the social engineering tricks that are frequently used to lure computer users into making unwise decisions..."
___WhatsApp desktop client doesn’t exist, used in Spam Attack anyway
Feb 25, 2014 - "The popular messaging application WhatsApp recently made headlines when it was acquired by Facebook... Cybercriminals didn’t waste much time to capitalize on this bit of news: barely a week after the official announcement, we saw a spam attack that claims that a desktop version of the popular mobile app is now being tested.
... The message also provides a download link to this version, which is detected as TROJ_BANLOAD.YZV, which is commonly used to download banking malware. (This behavior is the same, whether on PCs or mobile devices). That is the case here; TSPY_BANKER.YZV is downloaded onto the system. This BANKER variant retrieves user names and passwords stored in the system, which poses a security risk for online accounts accessed on the affected system. The use of BANKER malware, coupled with a Portuguese message, indicates that the intended targets are users in Brazil. Feedback from the Smart Protection Network indicates that more than 80 percent of users who have accessed the malicious site do come from Brazil. Although the volume of this spam run is relatively low, it is currently increasing. One of our spam sources reported that samples of this run accounted for up to 3% of all mail seen by that particular source, which indicates a potential spam outbreak. We strongly advise users to be careful of this or similar messages; WhatsApp does -not- currently have a Windows or Mac client, so all messages that claim one exists can be considered -scams-
___Bitcoin exchange Mt. Gox disappears
Feb 25, 2014 - "Mt. Gox, once the world's biggest bitcoin exchange, looked to have essentially disappeared on Tuesday, with its website down, its founder unaccounted for and a Tokyo office empty bar a handful of protesters saying they had lost money investing in the virtual currency. The digital marketplace operator, which began as a venue for trading cards, had surged to the top of the bitcoin world, but critics - from rival exchanges to burned investors - said Mt. Gox had long been lax over its security. It was not clear what has become of the exchange, which this month halted withdrawals indefinitely after detecting "unusual activity." A global bitcoin organization referred to the exchange's "exit," while angry investors questioned whether it was still solvent..."
___Developers attack code bypasses MS EMET tool
Feb 24, 2014 - "Researchers have developed attack code that completely bypasses Microsoft's zero-day prevention software, an impressive feat that suggests criminal hackers are able to do the same thing when exploiting vulnerabilities that allow them to surreptitiously install malware. The exploit code, which was developed by researchers from security firm Bromium Labs, bypasses each of the many protections included in the freely available EMET, which is short for Enhanced Mitigation Experience Toolkit... The Bromium exploit included an example of a real-world attack that was able to circumvent techniques designed to mitigate the damage malicious code can do when targeting security bugs included in third-party applications... The researchers privately informed security personnel at Microsoft before going public with their findings; the software giant plans to credit the research when releasing the upcoming version 5 of EMET..."