Posted By Netgear Threat Lab at 4:05 PM, June 8, 2010
With the 2010 FIFA World Cup fast approaching and the world going into a frenzy, spammers armed with malicious emails are also joining in on the festivities.
So far we've seen two types of these mal-emails:
The first is your typical Nigerian scam. The email claims that the recipient was just drawn as a winner in the online sweepstakes held by the International Federation of Association Football (FIFA). In order to receive the winnings, the victims are required to provide detailed personal information. Further emails will eventually require them to pay a fee to secure their winnings. The personal information provided will be used in a vast array of crimes such as identity theft, spam distribution, phishing, and other types of fraud.
The other type of spam contains a PDF attachment. The message body has content such as a detailed guide to South African tourism, ticketing services, and other information to induce the user to open the PDF attachment.
The PDF file actually contains malicious code that exploits a known vulnerability in Adobe Reader. Once the user opens the PDF, it will automatically download and install a variety of malware.
FIFA has recently alerted fans about similar online scams on their blog. With the start of the World Cup approaching in a couple of days, expect to see more and more of these scams.
Categories: Malware , Netgear Threat Lab , Phishing , Spam
Posted By Netgear Threat Lab at 11:59 PM, May 31, 2010
Facebook will top 500 million users by June. While more and more friends are getting in touch with each other via Facebook, we see the same rapid growth in the number of viruses and phishing schemes using Facebook as their vehicle to the end user. Studies have shown that Facebook, along with eBay and PayPal, have become the most common targets for phishers.
Our labs and other malware monitoring organizations around the world have recently intercepted a large number of Facebook phishing messages. What makes these messages different is that they are not limited to stealing the usernames and passwords of Facebook accounts, but also attempt to exploit a number of well-known vulnerabilities and install malicious software on the end user's machine.
This type of phishing message usually has an eye-catching subject such as "photos of sex with my new girlfriend" along with a message like "i remember you asked me for photos of sex with my new girlfriend. Take the url: upload.***.tld/vb087bl/". When users click on the link, they will be taken to the phishing page "auth.facebook.com.***.tld/vb087bl/LoginFacebook.php". On this page is a tiny iframe that tries to push malware to the end user via some well-known software vulnerabilities.
Again, we recommend that Facebook users use good judgement before clicking on suspicious messages.
Categories: Phishing
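The two indicators in the post above, a hostname that starts with the brand's domain but belongs to someone else and a tiny iframe on the login page, can both be checked mechanically. This is an added example, not code from Netgear Threat Lab; the brand list, the 2-pixel threshold and `attacker.example` (standing in for the domain the post elides) are assumptions.

```python
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Assumption: brand domains the defender wants to protect.
BRANDS = ("facebook.com", "twitter.com", "paypal.com")
TINY_PX = 2  # assumption: an iframe this small is treated as hidden

def embedded_brand(url):
    """Return the brand a hostname imitates (brand labels followed by
    another domain), or None if the host is unrelated or really the brand's."""
    url = url if "://" in url else "//" + url  # let urlsplit see a netloc
    labels = (urlsplit(url).hostname or "").rstrip(".").split(".")
    for brand in BRANDS:
        b = brand.split(".")
        if labels[-len(b):] == b:
            return None  # host is the brand domain or a subdomain of it
        for i in range(len(labels) - len(b)):
            if labels[i:i + len(b)] == b:
                return brand  # brand labels appear, but not at the end
    return None

def px(value):
    """Parse '1' or '1px' into an int; return None for anything else."""
    digits = (value or "").strip().lower()
    digits = digits[:-2] if digits.endswith("px") else digits
    return int(digits) if digits.isdigit() else None

class TinyIframeFinder(HTMLParser):
    """Collect the src of every iframe declared TINY_PX pixels or smaller."""
    def __init__(self):
        super().__init__()
        self.hits = []
    def handle_starttag(self, tag, attrs):
        if tag == "iframe":
            a = dict(attrs)
            sizes = [px(a.get("width")), px(a.get("height"))]
            if any(s is not None and s <= TINY_PX for s in sizes):
                self.hits.append(a.get("src"))

def scan(url, html):
    """Return (imitated_brand, [tiny iframe sources]) for a fetched page."""
    finder = TinyIframeFinder()
    finder.feed(html)
    return embedded_brand(url), finder.hits

# Constructed sample: attacker.example stands in for the domain the post elides.
SAMPLE_URL = "auth.facebook.com.attacker.example/vb087bl/LoginFacebook.php"
SAMPLE_HTML = ('<form action="LoginFacebook.php"><input name="email"></form>'
               '<iframe src="http://attacker.example/x" width="1" height="1"></iframe>')
```

Calling `scan(SAMPLE_URL, SAMPLE_HTML)` flags both indicators, while a genuine `www.facebook.com` URL returns no imitated brand.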
Posted By Pete at 8:48 PM, February 28, 2010
Yesterday, a large number of Twitter users received tweets from friends titled "this you????" which pointed to a false Twitter landing page.
If the victim enters their user name and password on the fake landing page, the attackers will be able to control their account and use it to send out even more phishing tweets.
Does this attack sound familiar? Here at the lab, we use MSN quite a lot and have seen many similar phishing attacks via MSN. This type of phishing attack is based on a sociological approach and is being rapidly ported to Twitter and other social networks.
We recommend that you do not open any suspicious messages, whether it's Twitter or MSN or anything else. If your friends frequently tell you that they are receiving strange messages from you, it probably means your account information has been stolen and that you need to change your password as soon as possible, in addition to running a full system virus scan.
Categories: Netgear Threat Lab , Phishing
Posted By Pete at 4:59 PM, October 30, 2009
I just received this email in my Yahoo mailbox:
What do you guys think? Should I email Mrs. Elizabeth and claim my 11 million?
I could really use the extra cash right now.
Categories: General , Phishing , Spam
Posted By Netgear Threat Lab at 3:16 PM, October 30, 2009
Based on data collected in Q3 2009, we found that business related sites were most likely to host malware. Pornography and sexually explicit sites came in at number 2 this quarter. As a sign of the economic times, real estate, shopping, and travel sites also made the top 10.
As for sites manipulated by phishing, health & medicine related sites still top the list, followed closely by sex education and finance. The rest of the top 10 contained no surprises; however, we do see a drop in social networking phishing sites. That may be due to more awareness of the existence of such sites being exploited for phishing.
Categories: Malware , Netgear Threat Lab , Phishing
Posted By Netgear Threat Lab at 2:48 PM, October 30, 2009
Spammers are continually looking for ways to hide their true identity to bypass content filters, and ways to employ social engineering to bypass human filters (i.e., judgment) that can often distinguish if something is spam just by looking at it. The message pictured here was circulated in the third quarter.
This message, with its familiar blue header, was designed to fool people and spam filters that may not properly identify image-based spam, since all the actual content was in an image. The image itself is typically blocked by email clients like Microsoft Outlook until the user downloads the image. However, since the email appears to be legitimate, the user may download the image, revealing that it is actually pharmaceutical spam. The only content that text-based filters can identify in such a message is the traditional Facebook text, such as "if you do not wish to receive this type of Facebook mail in the future", making it appear legitimate.
The message was not actually sent from Facebook - if it had been, the return address would have been Facebook, and not "Tammi Manley". Also, all the links within the message, such as "Unsubscribe" and "More info", lead to the pharmaceuticals site pictured in the advertisement.
Source: Commtouch Labs
Categories: Netgear Threat Lab , Phishing
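The tells listed in the post above (brand wording in the body, a sender that is not the brand, links that all leave the brand's domain, and almost no text beside an image) can be combined into a simple check. This is an added example, not code from Netgear Threat Lab or Commtouch; the sender address, the `pharma-shop.example` links and the 30-word threshold are constructed assumptions.

```python
from email import message_from_string
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlsplit

BRAND, BRAND_DOMAIN = "facebook", "facebook.com"  # brand the mail imitates
MIN_WORDS = 30  # assumption: less visible text than this plus an image is suspicious

class Collector(HTMLParser):
    """Gather link hosts, image count and visible words from an HTML body."""
    def __init__(self):
        super().__init__()
        self.link_hosts, self.images, self.words = [], 0, []
    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        if tag == "a" and a.get("href"):
            self.link_hosts.append(urlsplit(a["href"]).hostname or "")
        elif tag == "img":
            self.images += 1
    def handle_data(self, data):
        self.words.extend(data.split())

def in_domain(host, domain):
    """True if host is the domain itself or one of its subdomains."""
    return host == domain or host.endswith("." + domain)

def brand_mismatch_signals(raw):
    """List the signs that a brand-styled message did not come from the brand."""
    msg = message_from_string(raw)
    sender = parseaddr(msg.get("From", ""))[1].rpartition("@")[2].lower()
    c = Collector()
    c.feed(msg.get_payload())
    signals = []
    if any(BRAND in w.lower() for w in c.words):  # body uses the brand's wording
        if not in_domain(sender, BRAND_DOMAIN):
            signals.append("sender-not-brand")
        if any(not in_domain(h, BRAND_DOMAIN) for h in c.link_hosts):
            signals.append("links-off-brand")
    if c.images and len(c.words) < MIN_WORDS:
        signals.append("image-heavy")
    return signals

# Constructed sample; only the display name and the quoted footer come from the post.
SAMPLE = (
    "From: Tammi Manley <tammi@mailer.example>\nContent-Type: text/html\n\n"
    '<a href="http://pharma-shop.example/"><img src="http://pharma-shop.example/ad.jpg"></a>'
    "<p>If you do not wish to receive this type of Facebook mail in the future, "
    '<a href="http://pharma-shop.example/unsub">Unsubscribe</a></p>'
)
```

For `SAMPLE`, `brand_mismatch_signals` returns all three signals; a text-only message sent from and linking to facebook.com returns none.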
Posted By Pete at 10:31 PM, September 16, 2009
The RSA FraudAction Research Lab has recently discovered a new type of phishing attack that targets online banking customers (e.g. me and you). While past phishing attacks simply look for the victim to enter in their online banking credentials, this one does not stop there.
After the victim is tricked into entering their login credentials (usually at this point, after entering their login credentials, the victims are redirected to the phishing Web site or to the real bank Web site), the attacker goes one step further by initiating an online live chat session. During this live chat, the attacker attempts to extort even more information from the victim through social engineering (phone numbers, addresses, etc.).
Attackers are always finding new and creative ways to obtain sensitive information. You can never be too sure. My best advice is: When in doubt, go to your local branch.
Categories: General , Phishing
Posted By Pete at 5:26 PM, July 17, 2009
Michael Jackson's unexpected passing has shocked the world and generated a new wave of "Michael Mania". Everywhere you go, people are talking about it. It's all over TV, radio, and the Internet. Even I have pulled out my old stash of Michael Jackson CDs and given Thriller another good listen.
As we've mentioned before in this blog, hot news items such as this one are often exploited by spammers and other cyber criminals. Sadly, MJ is no exception. Riding on this wave of public interest, emails claiming that Michael Jackson was murdered, claiming to have exclusive video footage, or carrying Michael Jackson's songs or pictures began to surface minutes after his death. These emails contain attachments and bad URLs that had malware. These were all used in an attempt to infect user PCs and to extract information from them for criminal purposes.
Another method also used was fake Michael Jackson related blogs. Users would see many pop-up services when browsing to these fake blog sites pretending to talk about Michael Jackson. While the users are reading the fake blogs, malicious scripts would attack the reader's machine in the background.
As if Michael Jackson's death hasn't already been exploited enough by the media, cyber criminals also felt the need to jump in on the exploitation. So, fake emails, fake videos, fake pictures, fake URLs, fake blogs, fake nose (sorry), there is so much smoke and mirrors regarding this subject floating around that one really needs to be careful what they click on. Otherwise your machine might be the one that's paralyzed.
Categories: General , Malware , Phishing , Spam , Worms
Posted By Netgear Threat Lab at 2:19 PM, July 2, 2009
The adoption of social networking has spread like wildfire the past few years. It has become a mainstay as one of the major activities people participate in when on the Internet. However, at the same time, its popularity has attracted the attention of malware authors and other cyber criminals. After using Facebook and MySpace as a means to spread malware, they have now turned their attention to Twitter. A new virus utilizing Twitter has caught our eye.
This new Twitter virus does not use "tweets" to spread, but instead is another type of email-spam-based phishing attack. The bait this time is the trust users have for official invitation emails from Twitter itself.
The user will receive an invitation email from invitations@twitter.com with the subject being "Your friend invited you to twitter!". The contents of this email are identical to real invitations from Twitter with one exception: the invitation URL in the email is fake and does not lead to the Twitter Web site. Instead, it's a link to an Invitation Card.zip file. This zip file contains the virus Trojan.Win32.Buzus.anee. This virus infects Explorer.exe and will, at the instruction of its creator, download more malware onto the infected desktop.
With more and more people utilizing social networks as part of their everyday lives, attacks that exploit these social networks only look to be more common. The next time you receive a tweet or an app invite on Facebook, look twice before you click.
Categories: Malware , Netgear Threat Lab , Phishing , Spam , Viruses
Posted By Pete at 3:18 PM, May 6, 2009
By now, you've all probably heard or read about the recent swine flu outbreak. Everyone here is on code orange swine flu alert. People are taking safety precautions (the right thing to do) so that this thing doesn't do too much damage. Well, it turns out we are not the only ones affected by this virus. Believe it or not, your PC is also at risk. Read more about it here and here.
Swine flu related spam and phishing attacks have already begun surfacing on the Internet. Some of these emails contain eye-catching subject lines such as "First US swine flu victims!" or "Madonna caught swine flu!". Others claim to sell pharmaceuticals that cure or prevent swine flu and contain links to fake online drug sites. None of this should be any surprise, as hot news items are almost always exploited by spammers (see Richardson, Natasha).
Expect only more of these spam and phishing attacks exploiting swine flu in the coming weeks.
Categories: General , Phishing , Spam