Facebook Scam for Stalkers
If you are like me, you might feel bad about leaving your dog home alone all day while you are at work. So to alleviate his boredom, I’ve let him sign up for his own Facebook. Being new to the social...
View ArticleExtracting Digital Signatures from Signed Malware, (Sat, May 11th)
Sometimes attackers digitally sign their malicious software. Examining properties of the signature helps malware analysts understand the context of the incident. Moreover, analysts could use the...
View ArticleAdobe Reader and CRLs
There’s something that I wanted to test out for quite some time, but kept postponing until recently. Adobe Reader will ask confirmation before it retrieves a URL when a PDF document contains an action...
View Article“Confidential – Secure Message from AMEX” spam / SecureMail.zip
This fake Amex email has a malicious attachment:Date: Tue, 14 May 2013 01:34:36 +0600 [15:34:36 EDT]From: American Express [Jarvis_Randall@aexp.com]Subject: Confidential – Secure Message...
View ArticleBank of America spam / RECEIPT428-586.doc
This fake Bank of America message has a malicious Word document attached:Date: Tue, 14 May 2013 10:16:05 +0500 [01:16:05 EDT]Subject: Your transaction is completedTransaction is completed....
View ArticleSucuri CloudProxy WAF – Fake Bots Explained
One of the most common questions we have been getting since launching our CloudProxy WAF is regarding bot activity and why it appears that we are blocking Google and / or Bing bots. Inside the...
View ArticleFake YouTube page targets Chrome users
Fake YouTube pages are one of the favored ways attackers leverage to get users to click on malicious content. These fake pages often look the same, but the source code can reveal a new twist. This...
View ArticleGlobo.com redirecting users to Spam ads
Globo.com, one of the largest Brazilian web portals (ranked #107 on Alexa and #6 for Brazilian traffic) appears to be compromised and all visits to it are being redirected to a sub page inside...
View ArticleThe Revolution Will Be Written in Delphi
Since it has been a little while since we profiled a DDoS botnet family on the blog, let’s take a look at Trojan.BlackRev (also known as the “Black Revolution” trojan.) It was named for the Mutex set...
View ArticleTwitter Adopt 2FA; Here Is What You Can Do
In the wake of recent account compromises, including Associated Press and the rampant breaches orchestrated by the "Syrian Electronic Army", Twitter have recently released 2FA (2 Factor...
View ArticleFrom a Site Compromise to Full Root Access – Symlinks to Root – Part I
When an attacker manages to compromise and get access to a website, they won’t likely stop there, they will aim to gain full root (admin) access to the entire server. If there are more websites hosted...
View ArticleChase “Incoming Wire Transfer” spam / incoming_wire_05242013.zip
This fake Chase “Incoming Wire Transfer” email has a malicious attachment.Date: Fri, 24 May 2013 09:18:23 -0500 [10:18:23 EDT]From: Chase [Chase@emailinfo.chase.com]Subject: Incoming...
View ArticleFake ‘Facebook Profile Spy Application’ Campaign Spreading Across Facebook
Over the last couple of days, multi-tasking cybercriminals have been spreading a “Facebook Profile Spy” campaign across Facebook, enticing users into installing a rogue Chrome extension, next to...
View ArticleiOS7 announcement prompts themed ransomware kits
At Websense® Security Labs™ we recently spotted an interesting case of a phishing domain related to the imminent release of the Apple iOS7 Operating System. As gossips circulate news in the wild...
View Article“Fiserv Secure Email Notification” spam with an encrypted, malicious ZIP...
This spam email contains an encrypted ZIP file with password-protected malware.Date: Mon, 3 Jun 2013 14:11:14 -0500 [15:11:14 EDT]From: Fiserv Secure Notification...
View ArticlePhishers target Yahoo users
Yahoo Mail introduced two-factor authentication in December 2011. Two-factor authentication can be used to prevent suspicious access to an account (login from a different country, numerous failed login...
View ArticlePhishing – Alive and Well
Last week I was getting caught up on the usual deluge of emails, and one caught my eye.I’ll admit, at first glance, I almost clicked without thinking.Take a look: Sure looks like your typical Amazon...
View ArticleMalware-Serving “Who’s Viewed Your Facebook Profile” Campaign Spreading...
A currently ongoing Facebook spreading malware-serving campaign, entices users into downloading and executing a malicious executable, pretending to be a “Who’s Viewed Your Facebook Profile” extension....
View ArticleWells Fargo spam / Important WellsFargo Doc.exe / Important WellsFargo Docs.exe
This fake Wells Fargo spam run comes with one of two malicious attachments:Date: Mon, 10 Jun 2013 13:00:13 -0500 [14:00:13 EDT]From: Anthony_Starr@wellsfargo.comSubject: IMPORTANT –...
View ArticlevBulletin Conditional Malware – myFTP.biz Malicious iFrames
We have to be honest here, there’s no fun in cleaning up infected .htaccess files. It’s boring, but it happens a lot! But it’s not the case here. I will also caveat that while in this specific instance...
View Article