Monday, February 25, 2008

Your MSN Account Has Been 0WN3D

"Social Engineering is a technique used to manipulate people into performing actions or divulging confidential information by gaining trust. It attempts to gain access to sensitive data such as password, login names and worst - credit card numbers. This method is very easy and high success rate - No wonder it is very popular and often used by hackers."

Do you want to know who's blocking you in MSN?
Whoblocksyou.com can figure out for you! Just visit the site, enter your MSN account and password, then you will get the list.

It certainly looks and sounds real, BUT IT'S NOT!

This site is a scam luring MSN users to provide their login credentials, then after that, it will take control over their account.

Once the user entered his/her login credentials, a message box will be displayed claiming that "..users' privacy is 100% guaranteed". However, users' email address and password are sent over the network in clear text form. So, where's the privacy here?


The disclaimer also mentioned that "we do not save your password..." but once you logged in to your MSN messenger account, you'll find some changes to your display name and personal messages.


Even if you tried to fix this changes, it will keep on returning everytime you sign-in. This is absolutely annoying! Not only that, your friends will see this embarrassing changes as shown in the screenshot below.


If this can happen to your messenger, what more to your email account? Obviously, your MSN account has been 0WN3D. Beware of this trick!

Wednesday, February 20, 2008

MySpace Spammers Are Back

What is Crowdguard.com ? This is the question asked by MySpace user after getting a message from a friend telling her to visit this site.
You need to login your MySpace email address and password to view your pictures. For some people this site seems harmless, but behind this page the objective is to lure people in giving out their Myspace credentials.

Once you give your login credentials, a cgi script will take these informations to a remote server.


And, this message box will pop-up.

To make the story short, the user will not be able to see any pictures - because there's none. This site is phising for your login details so a remote attacker could use it and send spam bulletins or messages to your MySpace friends. It also generates web traffics for all visited sites.

Similar to Crowdguard is Stalkertrack.com. This site promises for free tracking tool that will let you track or "stalk" all profiles that visits your Myspace page.

Once you entered your MySpace login details, this spammer will start using it to spam your friends.

Not only that, your email address and password are sent to multiple IP addresses in clear text form.

**Note: IP address may change.

Do you wonder how many spams were already created in Myspace?

There are 4 million generated post relating to StalkerTrack and this number will keep increasing if more and more vulnerable MySpace users will get deceived by this trick.

Stay away from these sites!

Tuesday, February 19, 2008

Malware Retailer Update: Dear Partner

The news ...

Dear Partner,

We have three great new for you - first we updated our loader, it now not visible for AV and from now we'll update exe few times per week - so it always stay invisible so keep updated!

Another one - now we have referral module ready - you can refer webmasters and earn 10% from their revenue! You can find links in your account area.

And main news - we've rewrite installs counting module - now we have much better conversation - much more money for you - just try and see.

Here is updated loader link for you: http://69.64.51.47/files/loaders2/adx.exe

Sure you always can use not crypted exe and crypt by yourself, here is your link for NON encrypted exe: http://69.64.51.47/files/loaders-nc/adx.exe

Thank you for your trust!

Let's keep up good work!



AV scanners result ...


This business is a "one stop shop" of malwares, where victims will definitely get a bunch of different threats including Trojan DNSChanger for Mac users.

The
$$ business continuous!

Sunday, February 17, 2008

Cross Platform Joke

Do you know what is a Joke Programs ?

Joke programs is designed to frighten or embarrass a user -- creating a virus like symptoms and causes interruption to people's work. This is the reason why most security software detects it.

This programs are not malwares and definitely poses no threat to computers. They could be in different file format such as executable binaries like .EXE, office documents like .PPT and web-base. Most known joke programs are limited to Windows OS, but with the spurring popularity of Mac, cross-platform is now a consideration.

~~o~~

Last week in yahoo group somebody asked this question, "Can you access this site http://www.internetisseriousbusiness.com ?" Few minutes later, people started to send their replies and one member said "This is the worst thing I've done".

make avatar

So, what happened?

Once you visited the site, it will resize your browser window to 640x480 and it will start moving to every corner of your computer screen while playing a music video "Never Gonna Give You Up" by Rick Astley.

The annoying thing about this website is that it does not allow user to change the url link or close the window and everytime the user attempt to do so, it will display a message box with the song lyrics on it. So, the only way out is to manually terminate the process of your browser. How does that sound to you?

Inspecting the source code of the page, you will see that it does not contain any malicious code that poses threat to its users. Instead, it is just an annoying web-base cross platform joke!

Here is the source code of the page.

Furthermore, searching in Google using the keyword "We're no strangers to love by Rick" you will find the first result links to another page http://smouch.net/lol that does exactly the same.


Stay away from these sites!

Wednesday, February 13, 2008

Happy Valentine's Day From Storm Worm

Storm Worm has been waiting for this day. It's been spamming about Valentine's Day since early January with email subjects "Falling In Love with You", "Heavenly Love", "Sent with Love", "You're the One", "Our Love Will Last", "A Toast My Love", "Our Love is Strong" and "Your Love Has Opened" .

The email content will always have a url link that points to a malicious website that displays a red heart.
make avatar
However this week, Storm Worm delivers eight different images for this awaited occasion.

make avatar
A vulnerable user clicking an IP-based website from the spammed email will certainly experience Storm Valentine's Day greetings with a downloading executable "valentine.exe". This executable is a high risk mass-mailing worm currently affecting Windows platform.


This threat does not affect Mac OS X users but definitely a piece of junk that will stay in the download folder.

Stay safe online!

Monday, February 11, 2008

Critical: Mac OS X 10.5.2 and Security Update 2008-001


Apple released the latest Leopard version 10.5.2 and a combo of security fixes.

This is the first security update released for this year where it tries to fix 11 vulnerabilities found in Mac OS X.

This update is important to all OS X users since more than half of these vulnerabilities are critical and may lead to arbitrary code execution.

Mac OS X v10.5.2 / Security Update 2008-001 affects the following :
  • Directory Services
  • Foundation
  • Launch Services
  • Open Directory
  • Mail
  • NFS
  • Parental Controls
  • Samba
  • Terminal
  • X11
These updates are now available at Apple Downloads.

Reference:
About the security content of Mac OS X 10.5.2 and Security Update 2008-001
http://docs.info.apple.com/article.html?artnum=307430


Thursday, February 7, 2008

Critical: MS Security Bulletin Advance Notication for February 2008

Microsoft issued today an advance notification for twelve security bulletins that will be released on February 12, 2008.

Two of these twelve critical and important security bulletins affect Microsoft Office 2004 for Mac.


Further details can be found in this site:
http://www.microsoft.com/technet/security/bulletin/ms08-feb.mspx

Wednesday, February 6, 2008

Phishing or Joking ?

My manager forwarded me this email with a note ...

"I think this is the funniest, undoubtedly most clumsy phisher I have ever seen". 

**Note: CommonWealth Bank and Westpac are two different banks in Australia.   

This email is already one week old, but still it make sense. For somebody who understands phising emails, you will certainly agree and think these guys are joking. 

But in contrary, there's a wide population that does not understand anything of this and are vulnerable even to it's very obvious trick.   

The importance of continuous education and awareness is significant to Information Security and this was discussed in recent meeting of Anti-Spyware Coalition in Washing D.C. 

Related Topic:
Education: What Works and What Doesn’t? [Audio]

Tuesday, February 5, 2008

Click and Link to Malware

Nowadays, malwares are not hard to find. In fact, they are just everywhere lurking around the internet. But recently as we observed, there is something more agressive approach in getting user's attention and this is Advertisements.

Yes, there has been a series of complains about malicious advertisements. Just two weeks ago, Rapsody.com and Expedia.com has been hit by malicious banner Ad and there are more websites reported since then.

Q: Why is this happening?
A: Because Money is the root of ALL evil

The idea of malware retailing seems to be working here now. This business is not a scam or fraud, it is a real $$ business and we will be seeing more agressive ways because of the competition among other partners.

The malware business simple formula is this:

N(Click+Play+Install+M) = N($$$)

Where N is the number of ways it is delivered to net users or surfers. This could be in the form of website or email url links, banner advertisements, popups, message alert box, p2p downloads, bundled softwares, email attachments and et cetera.

Where M is the number of idea or strategy in getting more partners joining the business. This could be pay-per-click, pay-per-install, pay-per-play like previewing movie trailers, taking online surveys and et cetera.

Given this formula, it is more likely that high traffic websites such as social networks are at most risk and highly potental for infestation of malware retailers.

Three days ago, Myspace user reported a malicious Ad served by Myserver4u.com. The link attempts to download an Adobe flash file named "gnida.swf". This swf file is a malicious trojan downloader, which fortunately most AV scanners already detects.

A similar case was also found in Gaiaonline.com - a known community of Anime fan and Genesreunited.com - a No. 1 UK family tree and genealogy site. The malicious Ad served by quinquecahue.com attempts to play the swf trojan and redirects the user to a Rogue website. Check the screenshot here.



There is an increasing prevalence of this threat and we will be seeing more of this in the next few days. Watchout!