Category Archives: Online Fraud

We’ve been anxiously awaiting that first patch of the year, and here we have it: “Vulnerabilities in SMB Could Allow Remote Code Execution”. The excitement for this one could be either downplayed or up-played. The MS09-001 patch replaces the patchwork not-completely … Continue reading

Posted in Online Fraud, The Law | Leave a comment

We’ve been watching a long list of domains that serve up whatever filename you give them, but they provide nothing but a good old-fashioned Rogueware downloader, which sometimes goes by the family name Trojan-Downloader.Renos, or Trojan.Fakealert. It’s one of … Continue reading

Posted in Online Fraud, The Law | 5 Comments

Creating, operating and expanding the Waledac botnet is an ongoing effort, similar to the Storm operation that had dwindled this past year. The Waledac operators have automated a fairly predictable registration and setup of their malicious web sites and corresponding … Continue reading

Posted in Online Fraud, The Law | Leave a comment

Unfortunately, a handful of legitimate online greeting card sites continue to be spoofed as parts of the ongoing successful Waledac threat. While it is similar to the Storm threat, the shameless ripoff of multiple greeting card sites is even more blatant … Continue reading

Posted in Online Fraud, The Law | 1 Comment

In yet another Marguerite-esque scheme, a file being presented as an mp3 codec is not a codec. Not surprisingly, the file turning up in the ThreatFire community is related to crack sites and p2p networks. When run, this little fsg … Continue reading

Posted in Online Fraud, The Law | Leave a comment

It’s been a while since the previous post discussed a commercial “intelligence gathering tool”. It would have seemed ridiculous, if this time it wasn’t the UK government who thinks it’s acceptable to hack into home computers, spread malware via email, log users’ … Continue reading

Posted in Online Fraud, The Law | Leave a comment

Yesterday’s presentation at the Chaos Communication Congress by a handful of researchers brought to light that the use of MD5 for secure computing (digital certificates, SSL, etc) truly is gasping its last breath. A fine summary of the MD5 algorithm … Continue reading

Posted in Online Fraud, The Law | 1 Comment

In a throwback to the Storm campaigns that we heavily reported on in 2007, another group has been spamming out links to malicious Season’s Greetings’ sites (a list of domains previously serving up “ecard.exe” variants can be found here), attempting … Continue reading

Posted in Online Fraud, The Law | Leave a comment

Zbot is the kind of malware you really don’t want to see on anyone’s computer, stealing banking passwords and financial information. We’ve been seeing more reports and ThreatFire preventions of the malware delivered along with a somewhat common email-based social … Continue reading

Posted in Online Fraud, The Law | 3 Comments

As published in the previous blog post, analysis of the current version of Koobface uncovered a very interesting part about it – its “ability” to resolve CAPTCHA protection at the Facebook web site. To put it simply, if Koobface was … Continue reading

Posted in Online Fraud, The Law | Leave a comment

The banking trojan Zbot (aka WSNPOEM/Zeus/PRG) is still circulating “in-the-wild” in various modifications. If you are tracking Zbot submissions at the ThreatExpert web site, you might find the following tool useful: it decrypts the contents of the configuration files downloaded by … Continue reading

Posted in Online Fraud, The Law | Leave a comment

Antivirus 360 is the new Antivirus 2009 indeed. It is spreading using the same old commodity plugin exploit techniques as AV 2009. Be sure to update any QuickTime Player or Adobe Plugins that you may be running to the latest … Continue reading

Posted in Online Fraud, The Law | Leave a comment

Antivirus 360 is the newest Rogueware in high prevalence, while Virustotal AV detection results are extremely low, currently at 3/36. Our ThreatFire community is seeing and preventing far too many hits on this stuff today. It shamelessly re-uses the same … Continue reading

Posted in Online Fraud | 15 Comments

The Koobface worm has already been described enough, but a few details about its functionality can still be interesting to the reader. This post is an attempt to crack it to the bottom. TECHNICAL SUMMARY: Koobface starts by checking if its … Continue reading

Posted in Online Fraud | Leave a comment

Earlier last week, we first posted our usual warning about the spike in Koobface threats that our ThreatFire users were being protected against on their systems. That post set off some interest in the worm again. The last spike in … Continue reading

Posted in Online Fraud | Leave a comment

A suspected IE7 0day has surfaced on servers in China. Ryan Naraine posted information earlier this morning on the state of the patch and the exploit. A couple of our ThreatFire users unfortunately visited the site, but fortunately they have … Continue reading

Posted in Online Fraud | Leave a comment

A somewhat behind the scenes Crimeware-as-a-service scheme opened up shop a few weeks ago in time for the holidays, but to a lack of “customers”. Currently, the service is set up to host 30 customer sites, and since November, the … Continue reading

Posted in Online Fraud | 1 Comment

The ThreatFire team has busted another “in-the-wild” ZBot trojan. The interesting detail this time is that the trojan is currently hosted at the server with the IP 92.48.71.14 – this is a web server of “London Escorts & Escort Agencies” and its … Continue reading

Posted in Online Fraud | Leave a comment

Koobface contains a lot of interesting tricks, components, and schemes to write about. In the interest of keeping this post somewhat brief, we’ll focus on an anti-emulation technique that may be keeping the AV detection rates low for repacked and … Continue reading

Posted in Online Fraud | Leave a comment

Sometimes you get a crystal ball prediction and gimmickry. Sometimes you get something with real insight. Dave Aitel’s real insight on DailyDave this morning focused on a NY Times article about the U.S. federal government’s National Security Presidential Directive 54/Homeland … Continue reading

Posted in Online Fraud | Leave a comment

We are analyzing the binaries and koobface processes and will provide detailed technical information later — this one performs lots of process, system admin, file create/delete activity, and each one has a tricky anti-emulation trick that we’ll describe here. Also … Continue reading

Posted in Online Fraud | Leave a comment

A new mass-mailing worm is making its rounds by promoting a Hallmark e-Card, McDonald’s Coupon, or Coca Cola Christmas Promotion. A full worm description (manual analysis) is provided here. Automated threat analysis generated this write-up. ThreatExpert automation tricked this threat with … Continue reading

Posted in Online Fraud | Leave a comment

“Koobface”. Like “Facebook”, only sort of backwards. Clever. Social networking worms like the Koobface family are a reality, and their prevalence shows on our ThreatFire community. Users of Facebook need to be aware that links appearing on friends’ Facebook pages … Continue reading

Posted in Online Fraud | 5 Comments

Xxx41.exe is a filename commonly associated with a trojan-downloader family that we’ve seen prevented all over the community for the past couple of weeks. It sometimes is dropped and run by phony video codecs with names like “moviecodec.278.exe”, “k-codec.232.exe”, etc. … Continue reading

Posted in Online Fraud | Leave a comment

If you find yourself installing and running cracks and keygens that you’re downloading over Limewire, stop what you’re doing. First, stop using cracks and pirated software. Secondly, nothing truly is for free. Limewire users have been seeing various keygens offered … Continue reading

Posted in Online Fraud | 2 Comments

Malware shows up in the most unexpected places. One of my previous colleagues regularly considered the idea of computer infections ridiculous, but wired Windows systems really are ubiquitous. And this last week’s Thanksgiving trip provided another location to observe computer … Continue reading

Posted in Online Fraud | Leave a comment

According to this publication, senior military leaders reported the malware breach incident that affected the U.S. Central Command network, including computers both in the headquarters and in the combat zones. The threat involved in this incident is referred to as … Continue reading

Posted in Online Fraud | Leave a comment

This write-up is a follow-up to excellent research conducted by Julia Wolf from FireEye that gives insight into the algorithm used by the Srizbi bot to calculate the domain name of its controller. A general ability to predict what … Continue reading

Posted in Online Fraud | Leave a comment

Press Release

Posted in Online Fraud | Leave a comment

When federal government systems are hit with malware, the incidents often receive no public reporting. However, the slew of infections from removable-drive-based worms has become so bad on the U.S. Dept of Defense’s infrastructure that they’ve banned USB … Continue reading

Posted in Online Fraud | Leave a comment