Pay extra attention when receiving messages with the subject “WorldPay CARD transaction Confirmation” claiming that your invoice is attached to the email as a ZIP file.
MX Lab intercepted emails with malware attached. The From address doesn’t belong to WorldPay at all and is spoofed randomly. This is the contents of the body:
Thank you!
Your transaction has been processed by WorldPay, on behalf of Amazon Inc.
The invoice file is attached to this message.
This is not a tax receipt.
We processed your payment.
Amazon Inc has received your order,
and will inform you about delivery.
Sincerely,
Amazon Team
This confirmation only indicates that your transaction has been processed successfully.
It does not indicate that your order has been accepted.
It is the responsibility of Amazon Inc to confirm that your order has been accepted, and to deliver any goods or services you have ordered.
The malware is known as Trojan-Spy:W32/Zbot.OSK (F-Secure), Trojan-Spy.Win32.Zbot.sot (Kaspersky), PWS:Win32/Zbot.M (Microsoft) or Mal/EncPk-HZ (Sophos).
The threat has the characteristics of ZBot, a banking trojan that disables the firewall, steals sensitive financial data (credit card numbers, online banking login details), takes screen snapshots, downloads additional components, and gives an attacker remote access to the compromised system.
VirusTotal permalink and MD5: d4131d5a287bce49ddb3a4f9db7e7dc1.
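A mail-gateway triage check for the message described above, as an added example that is not MX Lab's code: it flags the alert's subject, a From domain outside WorldPay's, a ZIP attachment, and the MD5 from the alert (checked against the archive and each member, since the alert does not say which file the hash covers). The domain `worldpay.com`, the extension list, the reason labels and the function names are assumptions; the sample message is constructed and harmless.

```python
import hashlib, io, zipfile
from email import message_from_bytes, policy
from email.message import EmailMessage
from email.utils import parseaddr

SUBJECT = "worldpay card transaction confirmation"  # subject quoted in the alert
KNOWN_MD5 = {"d4131d5a287bce49ddb3a4f9db7e7dc1"}     # MD5 given in the alert
BRAND_DOMAIN = "worldpay.com"  # assumption: the domain real WorldPay mail uses

def triage(raw: bytes) -> list:
    """Return the reasons a raw RFC 5322 message matches the alert above."""
    msg = message_from_bytes(raw, policy=policy.default)
    reasons = []
    if SUBJECT in str(msg["Subject"] or "").lower():
        reasons.append("subject")
    domain = parseaddr(str(msg["From"] or ""))[1].rpartition("@")[2].lower()
    if domain != BRAND_DOMAIN and not domain.endswith("." + BRAND_DOMAIN):
        reasons.append("from-domain")
    for part in msg.iter_attachments():
        data = part.get_payload(decode=True) or b""
        name = (part.get_filename() or "").lower()
        if not (name.endswith(".zip") or zipfile.is_zipfile(io.BytesIO(data))):
            continue
        reasons.append("zip-attachment")
        blobs = [data]  # hash the archive itself and every member
        try:
            with zipfile.ZipFile(io.BytesIO(data)) as zf:
                for info in zf.infolist():
                    # assumption: extensions treated as executable content
                    if info.filename.lower().endswith((".exe", ".scr", ".pif")):
                        reasons.append("executable-in-zip")
                    if info.file_size <= 10_000_000:  # skip oversized members
                        blobs.append(zf.read(info))
        except (zipfile.BadZipFile, RuntimeError):  # corrupt or encrypted
            reasons.append("unreadable-zip")
        if any(hashlib.md5(b).hexdigest() in KNOWN_MD5 for b in blobs):
            reasons.append("known-md5")
    return reasons

def constructed_sample(sender, member):  # harmless, constructed test message
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr(member, b"placeholder bytes, not malware")
    msg = EmailMessage()
    msg["From"], msg["To"] = sender, "user@example.org"
    msg["Subject"] = "WorldPay CARD transaction Confirmation"
    msg.set_content("The invoice file is attached to this message.")
    msg.add_attachment(buf.getvalue(), maintype="application",
                       subtype="zip", filename="invoice.zip")
    return msg.as_bytes()
```

Because the From address is spoofed randomly, the subject and attachment checks carry the detection; the domain check only adds a reason when the sender is not WorldPay.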
WordPress comments lead to fake profiles on LinkedIn
April 15, 2009 by mxlab
Although it has nothing to do with real spam, it caught my attention while managing the MX Lab blog. While reading some comments, I noticed that the provided URL led to a LinkedIn profile. Some examples below.
And this one
When visiting the URL it leads us to the fake LinkedIn profile.
Notice the three web site links in the profile. They lead to http://bit.ly, which is a URL shortener & tracking service.
The following sites appear when visiting some of the links; they are obviously very commercial.
Be careful when using or visiting sites that are promoted through a URL shortening and tracking service. Because the URL is so short and no details of the real URL are visible, you could end up visiting sites that host malware or are phishing sites. It’s a very common technique to lure the surfer.