Top
Search Disaster Preparedness Blog

Entries in Malware (3)

Friday
Mar192010

Your Facebook Password Has Been Reset - Facebook Users Target of Latest Trojan

DateFriday, March 19, 2010 at 1:34PM | |

According to Dave Marcus Director of Security Research and Communication at McAfee, the messages are targeting 400 Million Facebook users, and was detected by customers using their security software.

Marcus said the spam run contained a variety of malware programs, including password stealers, rogue antivirus programs or botnet code.

He also went on to say that No Web site would automatically reset someone's password and send the new one in an e-mail. Facebook's high number of users makes it a prime target for spammers and hackers.

The messages say that the user's Facebook password has been reset and the user should download an attachment that contains the new password. The English-language messages are grammatically correct, but contain an odd sign-off: "Thanks, Your Facebook." McAfee has included a screenshot of the message on their blog.

AuthorKeith Erwood | CommentPost a Comment | Reference6 References
tagged , , , , , , in , , ,
Monday
Jun222009

"Nine-Ball" Attack Has Compromised 40,000 Sites

DateMonday, June 22, 2009 at 3:40PM | |

According to SC Magazine:

The attack is called “Nine-Ball” because of the name of the final, malicious landing page, which is loaded with drive-by exploits, that unsuspecting users automatically are redirected to if they visit one of the compromised sites.

Ninetoraq.in, the exploit site, contains malicious code that looks for already patched vulnerabilities in Acrobat Reader, QuickTime, Microsoft Data Access Components (MDAC) and AOL SuperBuddy, which it then attempts to exploit, Stephan Chenette, manager of security research at Websense, told SCMagazineUS.com on Wednesday.

The flaws have all been patched; some date back to 2006, Chenette said. But, the Reader and QuickTime vulnerabilities are newer, making it less likely that users are patched for them. If the maliciouscode finds an unpatched vulnerability to exploit, it either drops a malicious PDF file or a trojan designed to steal user information, Chanette said.

All of the exploits currently have low detection rates, he added.

For Full Story:

"Nine-Ball" mass injection attack compromised 40,000 sites

 

 

AuthorKeith Erwood | CommentPost a Comment | Reference2 References
tagged , , , , in
Monday
Jun082009

Malware On ATMs Allowing Criminals To Steal Data and Cash

DateMonday, June 8, 2009 at 8:12AM | |

Approximately 20 ATMs have been found in Europe that have malware on them allowing thieves to steal cash as well as acount data and PINS from account holders.

The ATMs are located mostly in Russia and the Ukraine however their seems to be indications that the Unites States may have compromised ATMS as well.

Since the malware needs to be directly installed onto the ATM an insider is suspected but whether that insider works at a bank, an ATM vendor, a company that services the machines or someone close to an insider is unknown at this time.

The discovery was made by SpiderLabs at Trustwave.

The ATMs were running the Windows XP Operating System and had an executable on them that was masquerading as a legitimate Windows protected storage service, he said. The malware looks at all the data being processed by the ATM and records account information that is stored on the magnetic stripes on cards inserted into the machine and encrypted PIN blocks that are generated when someone types in their personal identification number.

Even though PINs are encrypted, the criminals could potentially intercept the encryption keys exchanged with the bank and use them to decrypt the PINs or even use other methods to decrypt the keys once they have the information.

For more on this story please refer to the reference below.

AuthorKeith Erwood | CommentPost a Comment | Reference2 References
tagged , , , , , in