Archive for September, 2007

Phishing weekend!

Sunday, September 16th, 2007
More phishing this weekend, as always. Apparently, the arrests of a suspected phishing group this past week in Germany didn’t net much of the phishing crime scene. This email bait arrived on Saturday, and appears to be much better designed than past emails. Little misspellings and giveaways can clue a reader in to fraud, however.

Let’s give this one a closer look and pick out a few of the giveaways. A genuine return address at “bankofamerica.com” is spelled correctly; this one comes from “bankoffamerica.com” (outlined in red below). Banks don’t use hyperlinks with bare IP addresses in the URL, or with convoluted or misspelled words in it (unfortunately, the bank targeted in this example may send emails to its customers with hyperlinks to bankofamerica.com, which makes the lure more plausible). Also, I believe the bank never contacts its customers about this sort of security issue by email.

If you are using Gmail and receive this kind of fraudulent mail, you can report it to have the site investigated. Click on the little blue arrow in the upper right-hand corner of the message; a drop-down menu appears with the “Report phishing” option (outlined in red below). Selecting it reports the site to the appropriate handlers. Click on the image below to enlarge it:

Whatever happened to Pacman?

Saturday, September 15th, 2007

If you’ve got kids, don’t let them download any free games today. Oh yeah, you too.
It appears that the Storm gang is now shifting its focus from football fans to children. The campaign keeps changing its lures, but its social engineering tactics appear to remain effective.

Today, an email arrived with the offer of 1000+ free games, here is the gimmick:

Subject: 1000 free games!
Message: “1000 plus games for free… Check it out hxxp://70.xxx.xxx.x3/”

If you receive this email message, DO NOT click on the link. The web site identifies your browser (IE, Firefox, Opera) and serves a matching, reliable exploit carrying multiple malicious payloads. If your browser and its plugins are fully patched, there is still a fallback: every image on the page is linked to the gang’s downloader “ArcadeWorld.exe”, in the hope that you will click on one. This exe belongs to the same family of malicious executables that no one wants on their system. We have seen variants from these guys since at least January (and possibly last November): rootkits, unwanted P2P components that join your system to a botnet, downloaders for pulling down more malware, DDoS components that turn the victim’s system into an attacker, and spam mailer components. DO NOT run this file.

Here is an image of the website. DO NOT visit it:

BofA Phish

Thursday, September 13th, 2007

Wow. I used to get messages asking about sites like this one from my friends and family, but they weren’t quite so convincing. This phish is flapping.

Supposedly, my bank just contacted me 10 minutes ago about a problem with my account. Here is the message:
Subject: Bank of America Account Review Department !
“We recently have determined that different computers have logged onto your Online Banking account, and multiple password failures were present before the logons. We now need you to re-confirm your account information to us. If this is not completed by September 16, 2007, we will be forced to suspend your account indefinitely, as it may have been used for fraudulent purposes. We thank you for your cooperation in this manner. To confirm your Online Banking records click on the following link: hxxp://64.xx.72.1x7/www.bankofamerica.com/index.htm”

Oooo, this message looks urgent; I might not complete it by September 16th. When I click on the link from a system in our lab (do not do this from your system), the site my browser is directed to looks like an exact replica of the BofA site. However, this site is not hosted by Bank of America (the clue is the IP address used in the URL), and it is happy to take my banking username and password!
Lesson to be learned here: just like answering the phone, don’t give out information to anyone just because they ask for it.

DO NOT visit the site, DO NOT provide your username or password:
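The giveaways called out in the two phishing posts above (a sender domain one letter off from the bank’s, a link whose host is a bare IP address, and the bank’s domain name stuffed into the URL path rather than the host) are mechanical enough to check automatically. The script below is an added example written for this page, not code from the original posts; the brand list is an assumption, and the three sample messages are constructed to mirror the quoted lures, with RFC 5737 documentation addresses standing in for the masked IPs. It also treats a lookalike link host the same way as a lookalike sender, which the posts imply but do not spell out.

```python
"""
Phishing-lure triage (added example, not the blog's own code).
Automates the giveaways the posts describe: a lookalike sender domain,
a link whose host is a bare IP address, and a brand's domain in the URL
path instead of the host. Brand list and samples are assumptions.
"""
import ipaddress
import re
from email.utils import parseaddr
from urllib.parse import urlparse

# Brands whose mail we expect to see; the lures imitate these. (Assumed list.)
KNOWN_BRAND_DOMAINS = {"bankofamerica.com"}

# Domains within this edit distance of a brand are treated as lookalikes.
LOOKALIKE_DISTANCE = 2

URL_RE = re.compile(r"https?://[^\s\"'<>]+", re.IGNORECASE)


def refang(text: str) -> str:
    """Undo the 'hxxp://' defanging used when quoting lures, so URLs parse."""
    return re.sub(r"\bhxxp(s?)://", r"http\1://", text, flags=re.IGNORECASE)


def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance; small enough to inline rather than import."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def lookalike_of(domain: str):
    """Return the brand domain that `domain` imitates, or None if it is exact or unrelated."""
    domain = domain.lower()
    if domain.startswith("www."):
        domain = domain[4:]
    for brand in KNOWN_BRAND_DOMAINS:
        if domain != brand and edit_distance(domain, brand) <= LOOKALIKE_DISTANCE:
            return brand
    return None


def check_sender(from_header: str) -> list:
    """Flag a From: address whose domain is a near-miss of a known brand."""
    _, addr = parseaddr(from_header)
    domain = addr.rsplit("@", 1)[-1].lower() if "@" in addr else ""
    brand = lookalike_of(domain)
    return [("lookalike-sender", f"{domain} imitates {brand}")] if brand else []


def check_url(url: str) -> list:
    """Flag the URL shapes the posts call out."""
    findings = []
    parsed = urlparse(refang(url))
    host = (parsed.hostname or "").lower()
    try:
        ipaddress.ip_address(host)
        findings.append(("ip-literal-host", f"link host is a bare IP address: {host}"))
    except ValueError:
        pass  # an ordinary hostname (or empty), not an IP literal
    path = parsed.path.lower()
    for brand in KNOWN_BRAND_DOMAINS:
        on_brand_host = host == brand or host.endswith("." + brand)
        if brand in path and not on_brand_host:
            findings.append(("brand-in-path", f"{brand} appears in the path of a link to {host}"))
    brand = lookalike_of(host)
    if brand:
        findings.append(("lookalike-host", f"link host {host} imitates {brand}"))
    return findings


def triage(message: dict) -> list:
    """Run every check over a {'from': ..., 'body': ...} message; an empty list means clean."""
    findings = check_sender(message["from"])
    for url in URL_RE.findall(refang(message["body"])):
        findings.extend(check_url(url))
    return findings


# Constructed samples modelled on the lures quoted in the posts (hosts are
# documentation addresses, not the ones that were live in 2007).
SAMPLE_BOFA_PHISH = {
    "from": "Bank of America <alerts@bankoffamerica.com>",
    "body": "We now need you to re-confirm your account information. "
            "To confirm your Online Banking records click on the following link: "
            "hxxp://192.0.2.10/www.bankofamerica.com/index.htm",
}
SAMPLE_STORM_LURE = {
    "from": "games@example.net",
    "body": "1000 plus games for free... Check it out hxxp://192.0.2.23/",
}
SAMPLE_LEGITIMATE = {
    "from": "alerts@bankofamerica.com",
    "body": "Your statement is available at https://www.bankofamerica.com/ today.",
}

if __name__ == "__main__":
    for name, msg in [("BofA phish", SAMPLE_BOFA_PHISH),
                      ("Storm lure", SAMPLE_STORM_LURE),
                      ("legitimate", SAMPLE_LEGITIMATE)]:
        print(name, "->", triage(msg) or "no findings")
```

Run as-is it reports three findings for the BofA lure, one (the IP-literal host) for the games lure and none for the legitimate notice. The edit-distance threshold of 2 is deliberately tight: it catches doubled or dropped letters like “bankoffamerica.com” without flagging unrelated short domains, and the IP-literal check fires regardless of what the path says, which is the single most reliable tell in both lures.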