
Archive for February, 2008

MySpace Spammers Are Back

What is Crowdguard.com? This is the question asked by a MySpace user after getting a message from a friend telling her to visit this site.

You need to log in with your MySpace email address and password to view your pictures. To some people the site seems harmless, but the objective behind this page is to lure people into giving out their MySpace credentials.
Once you enter your login credentials, a CGI script sends them to a remote server.


Then this message box pops up.

To make the story short, the user will not be able to see any pictures, because there are none. This site is phishing for your login details so that a remote attacker can use them to send spam bulletins or messages to your MySpace friends. It also generates web traffic for all the visited sites.
Similar to Crowdguard is Stalkertrack.com. This site promises a free tracking tool that will let you track or “stalk” all profiles that visit your MySpace page.
Once you enter your MySpace login details, the spammer will start using them to spam your friends.

Not only that: your email address and password are sent to multiple IP addresses in clear text.

**Note: the IP addresses may change.
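The two sites above share one pattern: a page that is not MySpace asks for MySpace credentials and hands them to a script on a different server, over plain HTTP. The following is an added example (not code from the original post) of how an analyst can audit a captured login page for exactly that: it parses every form, resolves the submission URL against the page URL, and flags password forms that post to a host outside a trusted allowlist or over a non-https scheme. The page URL, host names and HTML in the sample are constructed for the example.

```python
"""Flag login forms that ship credentials off-site or over plain HTTP.

Added example, not from the original post. It assumes the page HTML has
already been fetched and is passed in as a string; the sample below is
constructed to mimic a third-party "view your MySpace pictures" login page.
"""
from html.parser import HTMLParser
from urllib.parse import urljoin, urlsplit

# Field names that usually carry a secret even when type="password" is not set.
CREDENTIAL_NAMES = {"password", "passwd", "pass", "pwd"}


class FormCollector(HTMLParser):
    """Collects every <form> with its raw action and the inputs inside it."""

    def __init__(self):
        super().__init__()
        self.forms = []
        self._current = None

    def handle_starttag(self, tag, attrs):
        attrs = dict(attrs)
        if tag == "form":
            self._current = {"action": attrs.get("action") or "", "inputs": []}
            self.forms.append(self._current)
        elif tag == "input" and self._current is not None:
            self._current["inputs"].append(
                ((attrs.get("type") or "text").lower(), (attrs.get("name") or "").lower())
            )

    def handle_endtag(self, tag):
        if tag == "form":
            self._current = None


def audit_login_forms(page_url, html, trusted_hosts):
    """Return a list of findings for forms that collect a password.

    A finding is raised when the form posts to a host outside `trusted_hosts`
    (credentials leave the site that legitimately owns them) or when the
    submission URL is not https (credentials cross the wire in clear text).
    """
    parser = FormCollector()
    parser.feed(html)
    findings = []
    for form in parser.forms:
        has_password = any(t == "password" or n in CREDENTIAL_NAMES for t, n in form["inputs"])
        if not has_password:
            continue
        # Relative actions resolve against the page; absolute ones are kept as-is.
        target = urlsplit(urljoin(page_url, form["action"]))
        host = (target.hostname or "").lower()
        if host not in trusted_hosts:
            findings.append(f"password form submits to untrusted host {host!r}")
        if target.scheme != "https":
            findings.append(f"password form submits over {target.scheme!r}, not https")
    return findings


# Constructed sample: a third-party page that asks for MySpace credentials
# and hands them to a CGI script on another server over plain HTTP.
SAMPLE_PAGE_URL = "http://photos.example-lure.test/view.html"
SAMPLE_HTML = """
<html><body>
<p>Log in with your MySpace account to see your pictures</p>
<form method="post" action="http://collector.example-remote.test/cgi-bin/save.cgi">
  <input type="text" name="email">
  <input type="password" name="password">
  <input type="submit" value="View pictures">
</form>
</body></html>
"""

if __name__ == "__main__":
    trusted = {"www.myspace.com", "login.myspace.com"}
    for finding in audit_login_forms(SAMPLE_PAGE_URL, SAMPLE_HTML, trusted):
        print("FINDING:", finding)
```

Run against the constructed sample it reports two findings: the password form posts to a host that is not MySpace, and it does so over http. A legitimate login page whose form posts back to its own https origin produces no findings, which is the baseline the check is meant to separate from.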

Do you wonder how many spam posts have already been created on MySpace?
There are 4 million generated posts relating to StalkerTrack, and this number will keep increasing as more and more vulnerable MySpace users are deceived by this trick.

Stay away from these sites!

Malware Retailer Update: Dear Partner

The news …

Dear Partner,

We have three great new for you – first we updated our loader, it now not visible for AV and from now we’ll update exe few times per week – so it always stay invisible so keep updated!

Another one – now we have referral module ready – you can refer webmasters and earn 10% from their revenue! You can find links in your account area.

And main news – we’ve rewrite installs counting module – now we have much better conversation – much more money for you – just try and see.

Here is updated loader link for you: http://69.64.51.47/files/loaders2/adx.exe
Sure you always can use not crypted exe and crypt by yourself, here is your link for NON encrypted exe: http://69.64.51.47/files/loaders-nc/adx.exe

Thank you for your trust!

Let’s keep up good work!

AV scanner results


This business is a “one stop shop” for malware, where victims will definitely get a bundle of different threats, including Trojan DNSChanger for Mac users.

The $$ business continues!

Cross Platform Joke

Do you know what a joke program is?

Joke programs are designed to frighten or embarrass a user by creating virus-like symptoms and interrupting people’s work. This is the reason why most security software detects them.

These programs are not malware and pose no threat to computers. They come in different file formats, such as executable binaries (.EXE), office documents (.PPT) and web-based pages. Most known joke programs are limited to Windows, but with the surging popularity of the Mac, cross-platform jokes are now a consideration.


~~o~~

Last week in a Yahoo group somebody asked this question: “Can you access this site http://www.internetisseriousbusiness.com ?” A few minutes later, people started to send their replies, and one member said “This is the worst thing I’ve done”.


So, what happened?

Once you visit the site, it resizes your browser window to 640×480 and starts moving it to every corner of your screen while playing the music video “Never Gonna Give You Up” by Rick Astley.

The annoying thing about this website is that it does not allow the user to change the URL or close the window, and every time the user attempts to do so, it displays a message box with the song lyrics in it. So the only way out is to manually terminate your browser process. How does that sound to you?

Inspecting the source code of the page, you will see that it does not contain any malicious code that poses a threat to its users. Instead, it is just an annoying web-based cross-platform joke!

Here is the source code of the page.

Furthermore, searching Google for the phrase “We’re no strangers to love by Rick”, you will find that the first result links to another page, http://smouch.net/lol, that does exactly the same.

Stay away from these sites!

Critical: Mac OS X 10.5.2 and Security Update 2008-001

Apple released the latest Leopard version, 10.5.2, together with a combined set of security fixes.

This is the first security update released this year, and it fixes 11 vulnerabilities found in Mac OS X.

This update is important to all OS X users, since more than half of these vulnerabilities are critical and may lead to arbitrary code execution.

Mac OS X v10.5.2 / Security Update 2008-001 affects the following components:

  • Directory Services
  • Foundation
  • Launch Services
  • Open Directory
  • Mail
  • NFS
  • Parental Controls
  • Samba
  • Terminal
  • X11

These updates are now available from Apple Downloads.

Reference:
About the security content of Mac OS X 10.5.2 and Security Update 2008-001
http://docs.info.apple.com/article.html?artnum=307430

Critical: MS Security Bulletin Advance Notification for February 2008

Microsoft today issued an advance notification for twelve security bulletins that will be released on February 12, 2008.

Two of these twelve critical and important security bulletins affect Microsoft Office 2004 for Mac.


Further details can be found at this site:
http://www.microsoft.com/technet/security/bulletin/ms08-feb.mspx

Phishing or Joking ?

My manager forwarded me this email with a note …

“I think this is the funniest, undoubtedly most clumsy phisher I have ever seen”.

**Note: Commonwealth Bank and Westpac are two different banks in Australia.

This email is already a week old, but it still makes a point. Anyone who understands phishing emails will certainly agree and think these guys are joking.
On the contrary, however, there is a wide population that does not understand any of this and is vulnerable even to such an obvious trick.
Continuous education and awareness are of significant importance to information security, and this was discussed at the recent meeting of the Anti-Spyware Coalition in Washington, D.C.
Related Topic:
Education: What Works and What Doesn’t? [Audio]

Click and Link to Malware

Nowadays, malware is not hard to find. In fact, it is lurking everywhere around the internet. But recently we have observed a more aggressive approach to getting users’ attention, and that is advertisements.
Yes, there has been a series of complaints about malicious advertisements. Just two weeks ago, Rhapsody.com and Expedia.com were hit by a malicious banner ad, and more websites have been reported since then.

Q: Why is this happening?
A: Because Money is the root of ALL evil

The idea of malware retailing seems to be working here. This business is not a scam or fraud; it is a real $$ business, and we will be seeing more aggressive methods because of the competition among partners.

The malware business’s simple formula is this:

N(Click+Play+Install+M) = N($$$)
where N is the number of ways it is delivered to net users or surfers. This could be website or email URL links, banner advertisements, popups, message alert boxes, p2p downloads, bundled software, email attachments, et cetera,

and M is the number of ideas or strategies for getting more partners to join the business. This could be pay-per-click, pay-per-install, pay-per-play (such as previewing movie trailers), taking online surveys, et cetera.

Given this formula, high-traffic websites such as social networks are at the most risk and are highly likely targets for infestation by malware retailers.

Three days ago, a MySpace user reported a malicious ad served by Myserver4u.com. The link attempts to download an Adobe Flash file named “gnida.swf”. This SWF file is a malicious trojan downloader, which fortunately most AV scanners already detect.

A similar case was also found on Gaiaonline.com, a well-known community for anime fans, and on Genesreunited.com, the No. 1 UK family tree and genealogy site. The malicious ad served by quinquecahue.com attempts to play the SWF trojan and redirects the user to a rogue website. Check the screenshot here.
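In both cases the ad slot was supposed to show an image and instead delivered a Flash file. A site operator or proxy can catch that class of substitution by looking at what the ad server really returned rather than at the file name or the declared Content-Type. The following is an added example (not code from the original post) that sniffs the leading bytes of each fetched creative, compares the result with the declared type, and flags anything Flash or executable; the SWF, executable and image signatures used are the standard public ones, and the URLs and response bodies are constructed for the example.

```python
"""Identify what an ad server actually returned, by file signature not by name.

Added example, not from the original post. The sample responses are
constructed; they only carry the leading signature bytes of real formats.
"""

# Signature -> description. SWF files start with FWS (uncompressed), CWS
# (zlib-compressed) or ZWS (LZMA-compressed); Windows executables with MZ.
SIGNATURES = [
    (b"FWS", "Flash (SWF, uncompressed)"),
    (b"CWS", "Flash (SWF, zlib)"),
    (b"ZWS", "Flash (SWF, LZMA)"),
    (b"MZ", "Windows executable"),
    (b"\x89PNG\r\n\x1a\n", "PNG image"),
    (b"\xff\xd8\xff", "JPEG image"),
    (b"GIF87a", "GIF image"),
    (b"GIF89a", "GIF image"),
]

# Only plain images are acceptable in this (assumed) ad slot.
EXPECTED_AD_TYPES = {"PNG image", "JPEG image", "GIF image"}


def sniff(data):
    """Return a description of the content based on its leading bytes."""
    for magic, desc in SIGNATURES:
        if data.startswith(magic):
            return desc
    return "unknown"


def check_ad_creative(url, declared_type, data):
    """Compare what the ad server claimed with what it actually served.

    Returns (verdict, detail). Verdicts: "ok" for an image declared as an
    image, "block" for Flash or executable content regardless of what was
    declared, and "review" for any other mismatch or unknown signature.
    """
    actual = sniff(data)
    if actual in EXPECTED_AD_TYPES and declared_type.startswith("image/"):
        return ("ok", f"{url}: {actual}")
    if actual.startswith("Flash") or actual == "Windows executable":
        return ("block", f"{url}: declared {declared_type!r} but served {actual}")
    return ("review", f"{url}: declared {declared_type!r}, signature says {actual}")


def triage(responses):
    """Verdict per (url, declared_type, body) triple, in input order."""
    return [check_ad_creative(u, t, d)[0] for u, t, d in responses]


# Constructed samples standing in for captured ad responses: a genuine GIF,
# a zlib-compressed SWF mislabelled as JPEG, and a bare executable.
SAMPLE_RESPONSES = [
    ("http://ads.example.test/banner.gif", "image/gif", b"GIF89a" + b"\x00" * 16),
    ("http://ads.example.test/banner.jpg", "image/jpeg", b"CWS\x09" + b"\x00" * 16),
    ("http://ads.example.test/promo.bin", "application/octet-stream", b"MZ\x90\x00" + b"\x00" * 16),
]

if __name__ == "__main__":
    for url, ctype, body in SAMPLE_RESPONSES:
        verdict, detail = check_ad_creative(url, ctype, body)
        print(f"[{verdict}] {detail}")
```

The mislabelled SWF is the interesting case: its URL ends in .jpg and the server says image/jpeg, yet the first bytes are CWS, so it is blocked. A declared type that does not match a known signature lands in "review" rather than being silently accepted.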


There is an increasing prevalence of this threat, and we will be seeing more of it in the next few days. Watch out!

Malware Retailers Include Trojan for Mac

As I mentioned last time, it is possible that these retailers will also include a binary for the Mac.

Now it’s confirmed. As I was surfing my Cashcodec.com webmaster account this morning, I went to the “Galleries” page (this contains thousands of links to different porn sites) and noticed the name of the codec it is trying to install: “qazcodec4481.exe”. I reckon one of the installers of Trojan DNS Changer is “qazcodec1000.dmg”.


The installation strategy of this malware always looks like this.


Beware of this trick!
