Archive for May, 2011

Microsoft wants your feedback on security bulletin information. Survey here: Security Bulletin Survey


Online criminals know there are enough gadget hounds out there to make a scam surrounding any shiny new Apple device a surefire moneymaker. To that end, they’ve already begun sending out phishing emails for the iPhone 5.

The phishing emails appear to be official emails from Apple.com, with the title “Finally. The amazing iPhone 5. Now available in black edition.” The body of the message shows a hand holding a transparent iPhone, followed by an enticing offer to “check it out,” according to MacRumors.

Although there’s been much speculation about the next generation iPhone, Apple has not set a release date for it. In fact, Apple hasn’t even announced it yet, but that isn’t stopping this cleverly crafted Mac-themed scam from spreading.

So what are you checking out when you click the link to see the new iPhone 5?

You won’t receive any info about the smartphone, but you will enable a rigged Windows file to run malicious code on your computer. And you’ll also be taken to a phony Apple Web page that asks for your Apple ID and other sensitive information.

Apple announces new products, especially ones of this magnitude, in highly publicized press conferences. So if you receive an unsolicited email purporting to have information about the new iPhone 5, ignore it, DELETE IT WITHOUT EVEN READING IT.

story from: http://www.securitynewsdaily.com/cybercriminals-hoping-youll-bite-iphone-5-bait-0813/

This malware is quite well detected by many antivirus companies, but not all. It is a fairly standard Zapchast IRC trojan that will attempt to download lots of other junk and malware to your computer.

It also appears to try to perform a DDoS flood attack against several competing mIRC users and channels to block their channels, so it will no doubt turn out to be connected to the typical fake-AV scams that steal your money.

I wonder how effective the phishers will be sending this to countless people.
I doubt that there are enough Irish speakers/readers in the world to make it worthwhile
Translated, it says:
Dear Applicant:
We have noticed that you are entitled to a refund amount 361.43
Complete the tax refund 24h: Tax Return Form 2011
Thanks,
Irish Revenue

Irish revenue scam


I have received 5 of these in the last hour: 2 from Chinese servers and 3 from different domains on Fasthost.co.uk servers. It looks to me that either Fasthosts have been hacked again or they have open relays on their servers allowing bots and phishers to relay through them.


There is a new spam bot out there sending a malware link; see the screenshot.

Screenshot of typical spam email

All emails so far appear to originate from a Ukrainian server, noc.maximuma.net (91.196.148.8), which may or may not have been hacked, but web searches suggest that a lot of spam and malware is being distributed via that hosting company's servers.
So far I have seen several different sites hosting the malware, and the sender and recipient email addresses are all random or spoofed.
At present antivirus detection is very sporadic, but samples have been sent to all known AV companies, so I expect a better detection rate very shortly.
The current payload is always order.zip, which when extracted pretends to be order.doc but actually has a lot of spaces after "order.doc" followed by .exe, so simply double-clicking on it will infect you.
It appears to be a downloader or installer for one of the fake antivirus programs that currently plague us.
You can see a quick automatic analysis on the Anubis website. From previous experience of this sort of malware and the locations it installs itself to, I would not be at all surprised if the malware shown in the Anubis report also installs the TDL4 bootkit.
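
The padded-extension trick described above (order.doc followed by a run of spaces and then .exe) can be caught before anything is extracted, simply by inspecting the member names inside the archive. The script below is an added example, not code from this blog or from any AV vendor: the zip it scans is constructed inline to mimic the described order.zip, and the lists of executable and document extensions are assumptions. It also flags the plain double-extension variant (name.docx.exe), which the post does not mention, and reports a bare executable in an archive with a weaker verdict.

```python
import io
import os
import zipfile
from typing import Optional

# Assumed lists: extensions Windows runs on double-click, and the ones a lure
# wants the victim to believe they are opening. Extend as needed.
EXECUTABLE_EXTENSIONS = {".exe", ".scr", ".com", ".pif", ".bat", ".cmd",
                         ".js", ".vbs", ".jse", ".wsf"}
DOCUMENT_EXTENSIONS = {".doc", ".docx", ".pdf", ".xls", ".xlsx", ".txt",
                       ".jpg", ".png"}


def build_sample_zip() -> bytes:
    """Constructed sample archive (not the real order.zip) with three members."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        # "order.doc" + 60 spaces + ".exe": the real extension scrolls out of
        # view in a file browser and Windows hides known extensions anyway.
        zf.writestr("order.doc" + " " * 60 + ".exe", b"MZ" + b"\x00" * 64)
        # Plain double extension, no padding.
        zf.writestr("invoice.docx.exe", b"MZ" + b"\x00" * 64)
        # Honest member.
        zf.writestr("notes.txt", b"plain text, nothing to see")
    return buf.getvalue()


def classify_name(member_name: str) -> Optional[dict]:
    """Return a finding for a deceptive member name, or None if it looks honest."""
    base = member_name.rsplit("/", 1)[-1]           # zip entries use forward slashes
    stem, real_ext = os.path.splitext(base)         # splits at the LAST dot
    if real_ext.lower() not in EXECUTABLE_EXTENSIONS:
        return None
    padding = len(stem) - len(stem.rstrip())        # spaces right before the real extension
    apparent_ext = os.path.splitext(stem.rstrip())[1].lower()
    if apparent_ext in DOCUMENT_EXTENSIONS:
        return {
            "name": member_name,
            "real_extension": real_ext.lower(),
            "apparent_extension": apparent_ext,
            "padding_spaces": padding,
            "technique": "whitespace padding" if padding >= 2 else "double extension",
        }
    # An executable with no document disguise is still worth listing.
    return {
        "name": member_name,
        "real_extension": real_ext.lower(),
        "apparent_extension": None,
        "padding_spaces": padding,
        "technique": "bare executable",
    }


def scan_zip(zip_bytes: bytes) -> list:
    """Inspect every member name in the archive without extracting anything."""
    findings = []
    with zipfile.ZipFile(io.BytesIO(zip_bytes)) as zf:
        for info in zf.infolist():
            if info.is_dir():
                continue
            verdict = classify_name(info.filename)
            if verdict is not None:
                findings.append(verdict)
    return findings


if __name__ == "__main__":
    for f in scan_zip(build_sample_zip()):
        print(f"{f['technique']:20s} real={f['real_extension']} "
              f"shown-as={f['apparent_extension']} padding={f['padding_spaces']} "
              f"{f['name']!r}")
```

Because only the central directory is read, nothing is written to disk and no payload is ever executed; the same check works on a mail gateway before the attachment reaches a user's desktop.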
Update: they have changed the email slightly to something that resembles a previous attack attempt and included a "your credit card will be charged with xxxxx $" line.
That always gets the unwary to follow the link, to check whether it is their card that has been falsely charged.

Revised updated email, showing alleged credit card charge

Results are coming in from many antivirus companies now, saying that it is a version of the SpyEye crimeware toolkit. SpyEye is well described in this Symantec blog.
