Google Gmail was knocked out of service yesterday, which prompted several malware and phishing attacks during and after the outage. It was one of the most bizarre twists to happen during peak hours on the Web. The email provider blamed the problem on scheduled routine maintenance: apparently a data center became overloaded and shut down, causing the blackout. "The outage itself lasted approximately two and a half hours from 9.30am GMT. We know that for many of you this disrupted your working day. We're really sorry about this, and we did do everything to restore access as soon as we could," Acacio Cruz, Gmail Site Reliability Manager, said in a statement. While several Google Apps services were down, including Gmail, a phishing attack started from a Google Groups page that contained links to malicious files. The Group page contained the words "Gmail down" and was indexed by the search engine, so users who typed "Gmail down" into the search box were directed to the pages containing the malicious links.
Users of eWEEK and several other web sites belonging to Ziff Davis Enterprise on Tuesday were hit by a malicious Acrobat PDF file served through advertisements on the site. The attacks were shut down shortly after being identified. As eWEEK explains, the abusive PDF did not utilize the new Acrobat vulnerability that has gotten a lot of attention lately, but rather an earlier one patched by Adobe in November. Users with Acrobat 8.1.2 and earlier were affected; just by surfing to the site they may have had the PDF opened by default, causing the download and installation of a rogue anti-virus program called Anti-Virus-1. This name might ring a bell with users; click here to see why. Ziff Davis Enterprise is the publisher of eWEEK and a number of other enterprise-focused publications. I should add that I also write for them. I am a former Technical Director at the Labs at both PCMag and eWEEK. [Ziff Davis Media and Ziff Davis Enterprise used to be part of the same Ziff Davis Publishing company, but they have been separate companies for some time now. And to clarify, or perhaps confuse you further, ZDNet, which also used to be part of the Ziff Davis family, is owned by CNet which is owned by CBS. Clear as mud, right?] Back to yesterday's advertising hack, my own blog on the matter for eWEEK describes how another eWEEK techie and I investigated and found the sources of the malware. This is not the first time this sort of thing has happened. At no time was eWEEK itself compromised; it was the ad networks that were.
Starting earlier this morning our Threat Operations Center began tracking a new Classmates.com-themed spam email that links to a video site containing malware. The sample messages we have received have a From line that spoofs the classmates.com domain and appears in your mail client as "Classmates [random word] Center", where [random word] is a word such as "updates" or "manager". So it would appear as "Classmates updates Center" or "Classmates manager Center"; note that "Classmates" and "Center" are capitalized while the inserted middle word is not. The message content is fairly static, with a few variations between the samples. Below is a copy of one of the emails:

Special video report February 25, 2009: One of your classmates has sent you a video invitation: "Read the story and see photos of my wedding and our tour,Please discover our video invitation to your family. I hope to get back from you soon..." Proceed to open full message text: hxxp://classmates.registration.history.messagecentre-nrb7dkn5g.session764.com/videoL83.htm?/initiated/INVITATION=96ots3jbdyachqc Sincerely, Corine Sutherland. 2009 Classmates Organisation Message Centre.
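The two cues the report gives (the lowercase-middle-word display name and a classmates.com sender whose link goes to an unrelated host) are enough for a simple mail-filter check. This is an added example, not code from the Threat Operations Center; the message samples are constructed, and the only value taken from the report is the link host.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Cues taken from the Classmates.com-themed campaign described above:
#  1. the From display name reads "Classmates <lowercase word> Center"
#  2. the From address claims classmates.com, yet the body's link points elsewhere
SPOOFED_DOMAIN = "classmates.com"
DISPLAY_NAME_RE = re.compile(r"^Classmates [a-z]+ Center$")
# matches live http(s):// links and the defanged hxxp:// form used in reports
URL_HOST_RE = re.compile(r"\bh(?:tt|xx)ps?://([^/\s?#]+)", re.IGNORECASE)

def plain_text(msg):
    """Concatenate the text/plain parts of a parsed message (7-bit sample, no decoding needed)."""
    parts = msg.walk() if msg.is_multipart() else [msg]
    return "\n".join(p.get_payload() for p in parts if p.get_content_type() == "text/plain")

def foreign_link_hosts(body, claimed_domain):
    """Hosts linked in the body that are neither the claimed sender domain nor a subdomain of it."""
    hosts = {m.group(1).lower() for m in URL_HOST_RE.finditer(body)}
    return sorted(h for h in hosts if h != claimed_domain and not h.endswith("." + claimed_domain))

def classify(raw_message):
    """Return the reasons the message looks like the Classmates lure (empty list = no match)."""
    msg = message_from_string(raw_message)
    display_name, address = parseaddr(msg.get("From", ""))
    from_domain = address.rpartition("@")[2].lower()
    reasons = []
    if DISPLAY_NAME_RE.match(display_name):
        reasons.append("display name matches 'Classmates <word> Center' template")
    if from_domain == SPOOFED_DOMAIN:
        foreign = foreign_link_hosts(plain_text(msg), SPOOFED_DOMAIN)
        if foreign:
            reasons.append("sender claims classmates.com but links go to " + ", ".join(foreign))
    return reasons

# Constructed sample modelled on the lure quoted above (link host is the one from the report).
SAMPLE_LURE = """\
From: "Classmates updates Center" <message-centre@classmates.com>
Subject: Special video report
Content-Type: text/plain; charset=us-ascii

One of your classmates has sent you a video invitation.
Proceed to open full message text:
hxxp://classmates.registration.history.messagecentre-nrb7dkn5g.session764.com/videoL83.htm
"""

# Constructed benign sample: capitalised middle word and a link on the real domain.
SAMPLE_LEGIT = """\
From: "Classmates Notification Center" <no-reply@classmates.com>
Content-Type: text/plain; charset=us-ascii

Sign in at https://www.classmates.com/ to read your new message.
"""
```

Call `classify(SAMPLE_LURE)` to see both cues fire; `classify(SAMPLE_LEGIT)` returns an empty list.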
WILLMAR, Minn. (WCCO) - In the past couple of days spam mail has begun showing up in people's in-boxes enticing us with a "stimulus check" offer. Do you remember that stimulus check mailed to you last year that was supposed to help jump start the faltering economy? Not only did it not prevent the country from falling into a deep recession, but it's also not coming back. This time around the U.S. taxpayers will be getting a little more in their paychecks starting in June -- about $12 a week. That's vastly different from last year, when rebate checks ranging from $300 to $1,200 were mailed to a majority of American households. Vivian Bonnema, 83, started getting the spam on Monday, just a day before President Barack Obama signed the stimulus package into law. She was surprised when she went to her computer and opened her mail, only to find a suspicious solicitation. Bonnema looked at the e-mail and read it out loud, telling us it claimed "a stimulus check in the amount of $613.27 is ready to be mailed today."
A critical vulnerability in Microsoft (NSDQ:MSFT)'s Internet Explorer 7 Web browser has opened up a path for hackers to launch attacks that execute malicious code on users' PCs. The new IE7 attack actively exploits a vulnerability already addressed by Microsoft in its monthly "Patch Tuesday" security bulletin release, issued last week. The vulnerability, detected over the weekend by security researchers at Trend Micro, stems from a flaw in the way the IE7 browser handles errors when attempting to access deleted objects. The threat is unleashed when users open a malicious attachment, such as a Microsoft Word document or PDF. A spammed file, which appears legitimate, is actually a malicious .DOC file that contains an ActiveX object that automatically accesses a site infused with malicious code. A successful exploit downloads a back door to victims' computers and further installs a malicious file designed to steal information. The malware then sends all stolen data to another URL via port 443. "The exploit is pretty serious in the way that you could run code and then escalate privileges," said Jamz Yaneza, Trend Micro threat research manager. "That back door eventually installs another piece of file that opens up your computer to anyone who knows about it. Basically your system is owned."
I have received a number of spam messages like this. You probably have, too. Note the incorrect punctuation, capitalization, spelling and grammar and awkward writing (the scammers', not mine).

Greetings! I have gone to deposit your bank draft of $800.000. United States Dollars and some gift items my boss left for you with the Delivery Company. At the moment, our office is closed until early april. For your information, I have paid for the delivery charges and Insurance Premium of the bank draft. The only money you need to pay to the Delivery company for them to deliver your draft direct to you is $200.00 US Dollars being for security keeping of the bank draft. I would have paid this fee but they said no because they do not know when you will be contacting them. You have to contact theDelivery service now for the delivery of your bank draft. Contact detail is given below: Dispatch Director (Officer in Charge): Mr WEST ODUDUWA Please confirm your postal address and direct telephone number with the company to avoid any mistake on your delivery and ask them to give you the tracking number to enable you to track your package and know when it will get to you. Hope I have properly informed you. Yours faithfully, Mr. Markland Robert

We could thank Markland for his kind offer, but he is simply trying to get $200 from us. We will never see the $800.000 he is offering. (Note the period instead of a comma in that number.) I have heard from people who said it might be worth the $200 to see if the $800.000 offering is real. It isn't. It never is. This type of scam will never go away because it works. The Federal Trade Commission says that victims report annual fraud losses of more than $1 billion or about $350 per victim.
GREER, SC - Mailprotector, a technology leader in fully managed email security services, today issued safety recommendations to all email users based on a report from the United States Computer Emergency Readiness Team that two new types of email messages pose a threat to email users. The first type of malicious email is a phishing scam that appears to be sent from the U.S. Internal Revenue Service. The bogus email invites users who follow an embedded link to receive stimulus package payments. The unsuspecting users are asked to provide personal information either via a web site or an attached document and are promised a stimulus package check from the IRS. The second bogus email contains malicious code within spam email messages related to Valentine's Day. The messages include a link to a website that is filled with hearts and instructions to users to select one image. Once an image has been selected the user will be prompted to download an executable file that can destroy computer systems. "Infiltration of a corporate email network can have devastating effects," said David Setzer, CEO, Mailprotector. "Unfortunately, the reality of the world today is that some people find profit by doing harm to those who are unsuspecting. Tricking people into giving up personal information or having them install software that can collect valuable customer data from companies can have far-reaching and long-lasting effects for all involved. It is crucial in today's economy to proactively guard against all forms of email crime."
Microsoft is offering a reward for the capture of the person behind the huge Conficker botnet. The company said on Tuesday that it would pay $250,000 (£172,000) to anyone who can provide information that leads to the capture and conviction of the individuals behind the spread of the infection and the maintenance of its network of infected machines. Also known as 'downadup', the malware exploded onto the internet last month, amassing millions of infections in just a few days. Microsoft is now hoping to enlist the help of online 'bounty hunters' to take down the botnet. The reward will be open to any individual in any country. The software firm is also enlisting the help of security firms and web maintenance organisations, such as Symantec, F-Secure and the Internet Corporation for Assigned Names and Numbers.
In response to the Conficker worm's massive infection of millions of PCs worldwide, industry heavyweights including Microsoft, Symantec and others today announced they're forming a new team to fight back against the worm. In addition to the team's mission to grab domain names Conficker (aka Downadup) might try to use, Microsoft is offering a fat $250,000 reward for information that leads to the arrest and conviction of those responsible for the worm. The reward is available to residents of any country, Microsoft says. Conficker's Achilles heel is its need to receive orders from a server on the Internet. The worm checks a list of up to 250 different domain names each day for instructions. Normally, cycling through 250 different names would likely be enough to ensure that the good guys would be unable to keep up, as Conficker's controllers would theoretically only have to register one of those domains per day to control their massive herd of malware. But Conficker's notoriety has prompted the companies to coordinate their efforts and try to nab all the potential domain registrations before the bad guys can. Doing so would restrict the worm to receiving updates or instructions only through its secondary peer-to-peer capability, according to Symantec. From the description, that secondary ability would likely limit the worm to making a peer-to-peer connection only with infected PCs on the same local network.
In another indication of how easy it is for malware authors to leverage Web 2.0 technologies, spammers have taken control of a Facebook site with more than 1.5 million users. The site, 5,000,000 against the new version of Facebook, was set up by Adam Stanborough in September for Facebook members unhappy with the social networking site's redesign in July. It gained one million members within 12 days, according to the Herald and Weekly Times. A blog posting at Graham Cluley's Make Money Fast said spammers had put up advertisements on the site. Cluley is senior technology consultant for security vendor Sophos. These advertisements are for get-rich-quick schemes, and one is a guide on how to seduce women, according to the blog. A check of the site today by InternetNews.com, though, showed the ads had disappeared. "Our investigation showed a third party was involved in distributing the spam," Facebook spokesperson Barry Schnitt told InternetNews.com by e-mail. "We've cleaned up the site."