Archive for February, 2008

MySpace Spammers Are Back

What is Crowdguard.com? This is the question a MySpace user asked after getting a message from a friend telling her to visit this site.

You need to log in with your MySpace email address and password to view your pictures. To some people this site seems harmless, but the objective behind this page is to lure people into giving out their MySpace credentials.
Once you give your login credentials, a CGI script sends this information to a remote server.


And this message box will pop up.

To make the story short, the user will not be able to see any pictures, because there are none. This site is phishing for your login details so that a remote attacker can use them to send spam bulletins or messages to your MySpace friends. It also generates web traffic for all visited sites.
Similar to Crowdguard is Stalkertrack.com. This site promises a free tracking tool that will let you track or “stalk” all profiles that visit your MySpace page.
Once you enter your MySpace login details, this spammer will start using them to spam your friends.

Not only that, your email address and password are sent to multiple IP addresses in clear text.

**Note: IP address may change.

Do you wonder how much spam has already been created on MySpace?
There are 4 million generated posts relating to StalkerTrack, and this number will keep increasing as more and more vulnerable MySpace users are deceived by this trick.

Stay away from these sites!
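The pattern described above (a login form that hands a password to a remote CGI script, in clear text, at a bare IP address) can be checked for mechanically. The following is an added example, not code from the original post or from either site: the sample markup, the `phish.example` host, the `192.0.2.10` documentation address and the `save.cgi` path are all constructed, and `audit_login_forms` is a hypothetical helper name.

```python
from html.parser import HTMLParser
from ipaddress import ip_address
from urllib.parse import urljoin, urlparse

# Constructed sample page (not the real site's markup); 192.0.2.10 is a documentation address.
SAMPLE_URL = "http://phish.example/login.html"
SAMPLE_HTML = """
<form action="/search"><input type="text" name="q"></form>
<form method="post" action="http://192.0.2.10/cgi-bin/save.cgi">
<input type="text" name="email"><input type="password" name="password"></form>
"""

class FormCollector(HTMLParser):
    """Record each form's action and whether it holds a password field."""
    def __init__(self):
        super().__init__()
        self.forms, self._open = [], None
    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        if tag == "form":
            self._open = {"action": a.get("action") or "", "password": False}
            self.forms.append(self._open)
        elif tag == "input" and self._open and (a.get("type") or "").lower() == "password":
            self._open["password"] = True
    def handle_endtag(self, tag):
        if tag == "form":
            self._open = None

def is_ip(host):
    try:
        ip_address(host)
        return True
    except ValueError:
        return False

def audit_login_forms(page_url, html, brand_domains):
    """Return a finding for every password form: submit target and why it is suspect."""
    collector = FormCollector()
    collector.feed(html)
    findings = []
    for form in (f for f in collector.forms if f["password"]):
        target = urlparse(urljoin(page_url, form["action"]))  # resolve relative actions
        host = (target.hostname or "").lower()
        checks = {
            "cleartext-submit": target.scheme != "https",
            "raw-ip-target": is_ip(host),
            "off-brand-target": not any(host == d or host.endswith("." + d) for d in brand_domains),
        }
        findings.append({"target": target.geturl(), "reasons": [k for k, v in checks.items() if v]})
    return findings
```

Calling `audit_login_forms(SAMPLE_URL, SAMPLE_HTML, ["myspace.com"])` skips the search form and reports the credential form with all three reasons; a password form on the brand's own HTTPS host comes back with an empty reason list.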

Malware Retailer Update: Dear Partner

The news …

Dear Partner,

We have three great new for you – first we updated our loader, it now not visible for AV and from now we’ll update exe few times per week – so it always stay invisible so keep updated!

Another one – now we have referral module ready – you can refer webmasters and earn 10% from their revenue! You can find links in your account area.

And main news – we’ve rewrite installs counting module – now we have much better conversation – much more money for you – just try and see.

Here is updated loader link for you: http://69.64.51.47/files/loaders2/adx.exe
Sure you always can use not crypted exe and crypt by yourself, here is your link for NON encrypted exe: http://69.64.51.47/files/loaders-nc/adx.exe

Thank you for your trust!

Let’s keep up good work!

AV scanners result


This business is a “one-stop shop” for malware, where victims will definitely get a bunch of different threats, including Trojan DNSChanger for Mac users.

The $$ business continues!

Cross Platform Joke

Do you know what a joke program is?

Joke programs are designed to frighten or embarrass a user, creating virus-like symptoms and interrupting people’s work. This is the reason why most security software detects them.

These programs are not malware and definitely pose no threat to computers. They can come in different file formats, such as executable binaries like .EXE, office documents like .PPT, and web-based pages. Most known joke programs are limited to Windows OS, but with the growing popularity of Mac, cross-platform is now a consideration.


~~o~~

Last week in a Yahoo group, somebody asked this question: “Can you access this site http://www.internetisseriousbusiness.com ?” A few minutes later, people started to send their replies, and one member said “This is the worst thing I’ve done”.

So, what happened?

Once you visit the site, it resizes your browser window to 640×480 and starts moving it to every corner of your computer screen while playing the music video “Never Gonna Give You Up” by Rick Astley.

The annoying thing about this website is that it does not allow the user to change the URL or close the window, and every time the user attempts to do so, it displays a message box with the song lyrics on it. So, the only way out is to manually terminate your browser process. How does that sound to you?

Inspecting the source code of the page, you will see that it does not contain any malicious code that poses a threat to its users. Instead, it is just an annoying web-based cross-platform joke!

Here is the source code of the page.

Furthermore, if you search Google for the keyword “We’re no strangers to love by Rick”, you will find that the first result links to another page, http://smouch.net/lol, that does exactly the same.

Stay away from these sites!

Critical: Mac OS X 10.5.2 and Security Update 2008-001

Apple released the latest Leopard version 10.5.2 and a combo of security fixes.

This is the first security update released this year, and it tries to fix 11 vulnerabilities found in Mac OS X.

This update is important for all OS X users, since more than half of these vulnerabilities are critical and may lead to arbitrary code execution.

Mac OS X v10.5.2 / Security Update 2008-001 affects the following:

  • Directory Services
  • Foundation
  • Launch Services
  • Open Directory
  • Mail
  • NFS
  • Parental Controls
  • Samba
  • Terminal
  • X11
These updates are now available at Apple Downloads.

Reference:
About the security content of Mac OS X 10.5.2 and Security Update 2008-001
http://docs.info.apple.com/article.html?artnum=307430

Critical: MS Security Bulletin Advance Notification for February 2008

Microsoft today issued an advance notification for twelve security bulletins that will be released on February 12, 2008.

Two of these twelve critical and important security bulletins affect Microsoft Office 2004 for Mac.


Further details can be found in this site:
http://www.microsoft.com/technet/security/bulletin/ms08-feb.mspx