spamNEWS | botnet | phishing | virus | spam | malware
Adf.ly Malvertising Campaign Using HanJuan Exploit Kit, Observes Malwarebytes
Written by Administrator   
Friday, 03 July 2015 09:00

According to security company Malwarebytes, a new malvertising attack targeting Adf.ly, the URL shortening and advertising service, is using the HanJuan exploit kit to distribute a newly developed banking Trojan.

The attack worked because the attackers managed to submit a malicious ad to Adf.ly, which was then displayed to web users clicking on Adf.ly links circulating across the Web.

Senior Security Researcher Jerome Segura of Malwarebytes explains that Adf.ly monetizes its service by displaying advertisements when people follow a shortened link. Before the visitor is redirected from the shortened link to the actual website, an advertisement appears for just a few seconds. That is when the malvertising occurs, Segura says, as SCMagazine.com reported on June 25, 2015.

Notably, merely displaying the malicious ad starts a chain of redirections, with no user interaction required. End users eventually land on a hijacked Joomla site that reportedly serves the HanJuan exploit kit.

According to Segura, the landing site serving HanJuan carries code that delivers exploits for CVE-2015-0359, a Flash vulnerability, as well as CVE-2014-1776, an Internet Explorer flaw, depending on the visitor's profile, as Softpedia.com reported on June 24, 2015.

The malicious payload injects itself into the Firefox, Chrome or IE web browser, monitors web activity, and waits until the user actually visits the login pages of the Internet forums it targets.

Malwarebytes has named the malware 'Fobber'; however, Dutch security firm Fox-IT identifies it as a new variant of Tinba (Tiny Banker), the bank information-stealing Trojan.

This Trojan, which steals valuable user credentials, resists removal well by updating both itself and its command-and-control servers.

Malwarebytes states that although its researchers have not seen Fobber steal any credentials for banking websites, the possibility certainly exists given the flexibility the malware's update model provides, as Theinquirer.net reported on June 25, 2015.

Additionally, Malwarebytes says it recently provided law enforcement agencies in the Netherlands with all its information on the malvertising scheme, HanJuan and Fobber.

Spam, Notifying Legal Changes, Thrust Malware; Dynamoo’s Blog
Written by Administrator   
Friday, 03 July 2015 09:00

According to Dynamoo's Blog, cyber criminals are spreading a new malicious program through e-mail carrying a file attachment that claims to be a legal document detailing the latest changes in the law relating to fraud, as softpedia.com reported on June 25, 2015.

Also, the e-mail is signed by a Pamela Adams posing as chief accountant, which indicates that the campaign targets businesses rather than individual users.

When installed, the malicious program loads the Upatre installer as gebadof.exe, followed by the banking Trojan Dyre as qppwkce.exe. A PC infected with one is more likely to have the other, a pairing that has become notorious in recent months.

Initial examination found that at most 3 security solutions on VirusTotal were able to detect the two programs.

Detection has since improved, though not considerably: one sample was detected by 16 of the 55 solutions, while just 9 engines detected the other.

Security blogger Conrad Longmore of Dynamoo's Blog, after collecting the malware, found that its traffic was associated with various Internet Protocol addresses in the USA, Czechoslovakia, Serbia, Ukraine, Slovakia and Russia, as blog.dynamoo.com reported on June 24, 2015.

Worryingly, spam attacks of this kind show that bank information-stealing malware, especially the Dyre Trojan, is spreading widely online.

Security company Trend Micro was the first to make this observation: in its January-March report, released during the first week of June 2015, the company noted almost 9,000 Dyre infections during January-March 2015 compared to 4,000 during October-December 2014.

Symantec, another security vendor, recently echoed this observation in its threat report titled "Dyre: Emerging threat on financial fraud landscape", in which the company discussed a rapid increase in the use of Dyre after the attempt to disrupt the earlier notorious Gameover Zeus banking Trojan.

Christopher Budd, Global Threat Communications Manager at Trend Micro, remarks that it is vital to note that the general trend of increasing banking malware is occurring year after year, as SCMagazine.com reported on June 25, 2015.

Patrons of Hotels.com Become Victims of Phishing Scam
Written by Administrator   
Thursday, 02 July 2015 09:00

Threatpost.com reported on 24th June, 2015 that an undisclosed number of travelers using Hotels.com, a website for booking hotel rooms both online and by phone, might have been targets of a phishing email scam after some customers were recently fooled into divulging their names, email addresses, phone numbers and travel bookings.

According to a notification sent to travelers, a person was apparently able to convince customers, through deceptive emails and SMSs, that they represented either Hotels.com or the inns where the customers had reserved a room.

The notification, which emphasizes that credit card data was not hijacked in the incident, instructs customers to exercise caution when clicking on URLs and transferring money to bank accounts listed in deceptive emails from the unknown individual.

It is not clear how the individual obtained users' personal information to send the phishing emails in the first place. Expedia, the travel booking service and parent company of Hotels.com, gave no further detail and did not answer a specific question about how the attacker gained access to users' contact and booking information.

Threatpost.com, in its report of 24th June, 2015, quoted Ingrid Belobradic, Consumer and Corporate PR Manager of Expedia, as saying: "We have probed this phishing instance meticulously and affected patrons are being or already have been informed about this and accordingly they have been told about the suitable actions they may need to take."

Expedia claimed that it works constantly to improve the security of its service.

Bobsullivan.net published another statement on 24th June, 2015, quoting Belobradic as saying: "To enhance security measures, we have applied a multi-level authentication process in collaboration with our hotel partners and have distributed several education mechanisms to our partners to enable them to understand the sensitivity and importance of this kind of fraudulent activity. Our security team constantly works to address situations like this and is always focused on ensuring that our sites remain as secure as possible."

Moreover, Hotels.com is not the only online room booking website to be targeted by cybercriminals; Booking.com is another online booking service that is a favorite of scammers.

SingPass Users Warned by IDA about Phishing Email
Written by Administrator   
Thursday, 02 July 2015 09:00

Todayonline.com reported on 25th June, 2015 on a recent warning from the Infocomm Development Authority of Singapore (IDA): "Users of SingPass should be cautious of fraudulent emails which claim that their PINs have been suspended."

SingPass, or "Singapore Personal Access", gives residents of Singapore access to 340 e-government services, and IDA is responsible for the development and growth of the infocomm sector in Singapore.

IDA posted on Facebook that some SingPass users have received a phishing email titled "SingPass account security info verification" from "SingPass Government". The email said that the recipients' SingPass PINs had been suspended and gave a link for them to click to confirm their email address.

IDA made it clear in the Facebook post that this was a phishing email not sent by SingPass, and that anyone who receives it should avoid clicking on the link and simply delete it.

Phishing is a fraudulent process in which a cybercriminal tries to trick users into disclosing sensitive personal details using a fraudulent email (as in the above case) or a fake website or mobile application. The attacker creates a seemingly genuine email asking users to perform some action, and provides a hyperlink to a fraudulent website of the attacker's making, where the users carry out that action (in the above case, confirming their email addresses), allowing the crooks to capture their personal information.

SingPass highlights on its official website some simple tips to minimize the chance of falling victim to such phishing scams: change your SingPass regularly, e.g. every 90 days; log off your online session once you have finished your transactions; and never access online services with your SingPass at Internet cafes or on other people's mobile devices.

However, if you think that you could have been a victim of phishing, immediately lodge a report with SingPass by e-mail or call the SingPass hotline at 6887-7377. This will help SingPass identify fraudulent emails, websites or mobile applications that attempt to collect sensitive information from SingPass holders, and take action against them.

Dyre Trojan Becoming More Sophisticated - Symantec
Written by Administrator   
Wednesday, 01 July 2015 07:00

Symantec, a security firm, recently released a report revealing that the cybercriminals running the Dyre banking Trojan have built an impressive infrastructure of hundreds of servers dedicated to maintaining and expanding the malware's activity.

Dyre's money-stealing activity follows a familiar pattern: the web browser is hijacked to monitor web sessions, and the victim is then redirected to fake websites, or the content of web pages is changed on the fly, to collect the victim's banking login credentials.

Unlike comparable malware, Dyre has moved to a higher level, with 285 command and control (C&C) servers and 44 other machines that deliver plug-ins and additional payloads or execute man-in-the-browser (MitB) attacks.

The cybercriminals have organized the C&C machines so that only two IP addresses can be active at the same time for command and control tasks and for dispatching modules.

Computerworld.in reported on 25th June, 2015, quoting Symantec: "Financial institutions in the US and UK are the most targeted but India is not far behind which ranks sixth globally and second in Asia."

Symantec added: "The malware also attacks users of electronic payment services and HR-related websites along with financial institutions. It is a multi-pronged threat and is frequently used to download additional malware into the computer of the victim. In several instances, the victim is added to a botnet that is then employed to send thousands of spam emails in trying to distribute the threat further in the field."

The Dyre Trojan has distributed other threats, identified as: Trojan.Spadoluk, Trojan.Spadyra, Infostealer.Kegotip, Trojan.Pandex.B, Trojan.Doscor, Trojan.Fareit, Trojan.Fitobrute.

Symantec said that it has observed the attackers' activity and found that they keep to a five-day working week in the UTC +2 or UTC +3 time zone, which indicates that they operate out of eastern Europe or Russia.

The security firm offers some simple tips to minimize the chance of being infected with Dyre: always keep your security software, operating system and other software updated to protect yourself from new versions of this malware. Software updates often include patches for newly discovered security vulnerabilities that attackers could exploit.
