Security Blog
Recently in Spam Category
November 3, 2009
Trick or Treat - International Kill-A-Zombie Day
I hope everyone enjoyed their Halloween and their fair share of candy. And no, we are not talking about killing "REAL" zombies (the ones in flesh, or rotten flesh to be more exact) here.
As we've mentioned time and time again, zombies are a growing problem in today's Internet. Once a PC has been infected, it joins the ranks of its fellow infected as a zombie that responds to any command a hacker might give it. Zombies are used to send spam (yes, the spam you get every day comes from a zombie, NOT a mailman in cyberspace), carry out denial of service attacks, and perform many other mischievous deeds.
Our friends at Sophos have designated October 31st as the International Kill-A-Zombie Day (images of Resident Evil, Zombieland, and Night of the Living Dead just pop into my mind saying that). They've come out with two very interesting videos to promote zombie awareness. Have a look and join the fight!
Posted by: Pete at 1:37 PM
Categories: General , Malware , Spam
October 30, 2009
This Week in Phishing
I just received this email in my Yahoo mailbox:
What do you guys think? Should I email Mrs. Elizabeth and claim my 11 million?
I could really use the extra cash right now.
Posted by: Pete at 4:59 PM
Categories: General , Phishing , Spam
October 30, 2009
Threat Lab Q3 Report: Spam
In Q3, Pharmacy spam returned to the top spot with 68% of all spam messages. Last quarter's top spam subject, enhancers, fell from 46.2% to 11% of all spam messages this quarter.
Spam levels averaged 83% of all email traffic throughout the quarter, peaking at 97% in July and bottoming out at 71% in August.
Source: Commtouch Labs
Posted by: Netgear Threat Lab at 3:01 PM
Categories: Netgear Threat Lab , Spam
July 17, 2009
Michael Jackson Spam Rises From the Grave
Michael Jackson's unexpected passing has shocked the world and generated a new wave of "Michael Mania". Everywhere you go, people are talking about it. It's all over TV, radio, and the Internet. Even I have pulled out my old stash of Michael Jackson CDs and given Thriller another good listen.
As we've mentioned before in this blog, hot news items such as this one are often exploited by spammers and other cyber criminals. Sadly, MJ is no exception. Riding on this wave of public interest, emails claiming that Michael Jackson was murdered, offering exclusive video footage, or carrying Michael Jackson's songs or pictures began to surface minutes after his death. These emails contained attachments and bad URLs that carried malware. They were all used in an attempt to infect user PCs and to extract information from them for criminal purposes.
Another method used was fake Michael Jackson related blogs. Users would see many pop-ups when browsing to these fake blog sites pretending to talk about Michael Jackson. While the users were reading the fake blogs, malicious scripts would attack the reader's machine in the background.
As if Michael Jackson's death hasn't already been exploited enough by the media, cyber criminals also felt the need to jump in on the exploitation. So, fake emails, fake videos, fake pictures, fake URLs, fake blogs, fake nose (sorry): there is so much smoke and mirrors floating around this subject that one really needs to be careful what one clicks on. Otherwise your machine might be the one that's paralyzed.
Posted by: Pete at 5:26 PM
Categories: General , Malware , Phishing , Spam , Worms
July 2, 2009
Threat Lab Report: Social Networking Twitter Spam on the Rise
The adoption of social networking has spread like wildfire over the past few years. It has become one of the major activities people participate in when on the Internet. However, at the same time, its popularity has attracted the attention of malware authors and other cyber criminals. After using Facebook and MySpace as a means to spread malware, they have now turned their attention to Twitter. A new virus utilizing Twitter has caught our eye.
This new Twitter virus does not use "tweets" to spread, but instead is another type of email spam based phishing attack. The bait this time is the trust users have for official invitation emails from Twitter itself.
The user will receive an invitation email from invitations@twitter.com with the subject being "Your friend invited you to twitter!". The contents of this email are identical to real invitations from Twitter with one exception: the invitation URL in the email is fake and does not lead to the Twitter Web site. Instead, it's a link to an Invitation Card.zip file. This zip file contains the virus Trojan.Win32.Buzus.anee. This virus infects Explorer.exe and will, at the instruction of its creator, download more malware onto the infected desktop.
With more and more people utilizing social networks as part of their everyday lives, attacks that exploit these social networks only look to become more common. The next time you receive a tweet or an app invite on Facebook, look twice before you click.
Posted by: Netgear Threat Lab at 2:19 PM
Categories: Malware , Netgear Threat Lab , Phishing , Spam , Viruses
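The tell described in the Twitter invitation post above (a message that claims to come from twitter.com but links to an archive hosted elsewhere) can be checked mechanically. The following is an added example, not part of the original post: the two sample messages, the `example.test` host and the extension list are constructed assumptions.

```python
import re
from email import message_from_string
from email.utils import parseaddr
from urllib.parse import urlparse

# Assumption: file types a genuine invitation link has no reason to serve.
ARCHIVE_EXTS = (".zip", ".rar", ".exe", ".scr")

def host_in_domain(host, domain):
    """True only for the domain itself or a real subdomain of it."""
    host = (host or "").lower().rstrip(".")
    return bool(domain) and (host == domain or host.endswith("." + domain))

def check_invitation(raw):
    """Return (finding, url) pairs for links that contradict the claimed sender."""
    msg = message_from_string(raw)
    # The From header is attacker-controlled; it only tells us who the mail claims to be.
    claimed = parseaddr(msg.get("From", ""))[1].rpartition("@")[2].lower()
    body = "\n".join(
        part.get_payload(decode=True).decode("utf-8", "replace")
        for part in msg.walk() if not part.is_multipart()
    )
    findings = []
    for url in re.findall(r"https?://[^\s\"'<>]+", body):
        parsed = urlparse(url)
        if not host_in_domain(parsed.hostname, claimed):
            findings.append(("off-domain-link", url))
        if parsed.path.lower().endswith(ARCHIVE_EXTS):
            findings.append(("archive-download", url))
    return findings

# Constructed sample: sender and subject as quoted in the post, link host invented.
SPOOFED = (
    "From: invitations@twitter.com\n"
    "Subject: Your friend invited you to twitter!\n"
    "\n"
    "Accept your invitation: http://downloads.example.test/Invitation%20Card.zip\n"
)
# Constructed sample of a message whose link stays on the claimed domain.
GENUINE = (
    "From: invitations@twitter.com\n"
    "Subject: Your friend invited you to twitter!\n"
    "\n"
    "Accept your invitation: http://twitter.com/i/abc123\n"
)

if __name__ == "__main__":
    for name, raw in (("spoofed", SPOOFED), ("genuine", GENUINE)):
        print(name, check_invitation(raw))
```

A mail filter would run a check like this alongside sender authentication, since the visible From address alone says nothing about where a message really originated.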
May 6, 2009
Swine Flu: Coming to a PC Near You
By now, you've all probably heard or read about the recent swine flu outbreak. Everyone here is on code orange swine flu alert. People are taking safety precautions (the right thing to do) so that this thing doesn't do too much damage. Well, it turns out we are not the only ones affected by this virus. Believe it or not, your PC is also at risk. Read more about it here and here.
Swine flu related spam and phishing attacks have already begun surfacing on the Internet. Some of these emails contain eye-catching subject lines such as "First US swine flu victims!" or "Madonna caught swine flu!". Others claim to sell pharmaceuticals that cure or prevent swine flu and contain links to fake online drug sites. None of this should be any surprise, as hot news items are almost always exploited by spammers (see Richardson, Natasha).
Expect only more of these spam and phishing attacks exploiting swine flu in the coming weeks.
Posted by: Pete at 3:18 PM
Categories: General , Phishing , Spam
April 27, 2009
Threat Lab Report: A New Kido Variant
April 1st has come and gone, but the activities of the Kido (Conficker) worm have not stopped because of it. Recently, a mutated variant of Kido with new functionality has caught our attention. This new variant is detected as Trojan-Downloader.Win32.Kido. Compared to past variants, the main difference is that it uses Peer to Peer (P2P) protocols for communication instead of the HTTP used by previous variants of this worm. This means that this new variant of Kido utilizes P2P channels to download new malicious code or for botnet control.
Once a user PC is infected by this new variant of Kido, it will automatically download fake anti-malware software by the name of "spyware protect 2009" (detected as FraudTool.Win32.SpywareProtect2009). Once installed, this anti-malware program attempts to scare the user by notifying them that a "virus" has been detected on their PC and asks the user to pay $49.95 to remove this so-called "virus".
At the same time, an email worm by the name of Email-Worm.Win32.Iksmas will also be downloaded. This worm steals user data and sends out spam using the infected host. One more interesting point about this new Kido variant is the author configured a self termination date of May 3rd (date-limited functionality until 3rd May 2009). Why? We are still trying to find out. Perhaps the next Kido update will provide us with more clues.
Posted by: Netgear Threat Lab at 12:09 PM
Categories: Malware , Netgear Threat Lab , Phishing , Spam , Viruses , Worms


