Category Archives: Online Fraud

Windows users should see a prompt for Windows updates or some update activity on their systems. Microsoft released more than a handful of patches for Vista, WinXP, Win2000, Win2003 and Win2008 today. If you have not updated yet, go … Continue reading

Posted in Online Fraud | Leave a comment

And here we thought our vision was bad the other day when we were dizzy from seeing double. And here we thought our vision was bad the other day when we were dizzy from seeing double. And here we thought … Continue reading

Posted in Online Fraud | 2 Comments

It is a known fact that spambots and mass-mailers don’t really like firewalls and other network-based host intrusion prevention systems, because it’s a trivial task for those systems to detect and block SPAM traffic that flows via the SMTP port. A newly … Continue reading

Posted in Online Fraud | Leave a comment

If you have received an email with a confusingly long link for a supposed Wachovia site that looks like http://commercial.wachovia.online.financial.business….cashman766.com/Service.htm, delete it. It seems that users in Great Britain are receiving these messages. That page will serve up the file “wachovia_certificatev102.exe”. … Continue reading

Posted in Online Fraud | Leave a comment

Another MSN IM-worm is making the rounds, in an effort to create yet another IRC-based botnet. Almost all of the activity that we are seeing is coming from our user community in Italy, Spain, Argentina and Peru. A message will … Continue reading

Posted in Online Fraud | Leave a comment

When does BCD0236E965582D56DD365E44BD764FA5DFD6CBF312BB124AA2563B5C2 mean “:: Bradesco Pessoa Fosica ::”? Only when CD30ABC0221E5486A23D0F619DB27FC50110504DB9D3DC357893D269E177CB2D1BD1758CCC77AA93ED3DBA190A7BD914B80F5254919C2DC0D471B02CC20260CC4CB2C73A5B really means “HSBC Bank Brasil S.A. — Banco Muliplo — No Brasil e no mundo, HSBC”, of course. A couple of previous posts provided insight into what clues … Continue reading

Posted in Online Fraud | Leave a comment

You can check out a somewhat lengthy and fascinating article on recent cyber intelligence, SCADA systems and various actors on the global cyber stage at The National Journal. ‘Asked whether Washington knew of hacker involvement in the two blackouts, Joel … Continue reading

Posted in Online Fraud | 1 Comment

In a previous post, we opined that the Storm gang has been falling apart. By the looks of it, they can’t even write their web pages to display properly. In the screenshot below, we have a new and currently served … Continue reading

Posted in Online Fraud | Leave a comment

As predicted recently, a Flash exploit discovered by Mark Dowd (IBM X-Force) did not keep us waiting for too long until it started popping up in numerous "in-the-wild" web page infections. As per initial SecurityFocus/Symantec assessment, there are from 20,000 … Continue reading

Posted in Online Fraud | Leave a comment

What’s that? Winifixer! Here are some comments from the web site: “Statistics approve that virus and trojan attacks damage more than $3 million/hour and the new virus appears each hour. One of them, virus Sasser. A, infected million of computers at … Continue reading

Posted in Online Fraud | 1 Comment

Another misleading AV package keeps returning to our lists, modified by its writers and rereleased constantly to minimize AV detection and widen their window of opportunity to mislead users. As previously posted, the themes for this stuff change fairly frequently. … Continue reading

Posted in Online Fraud | Leave a comment

In part 1 of keeping strings real, strings were chased around in a disassembler to provide insight into the functionality of a piece of malware. Part two investigates the instance where there seem to be no recognizable strings in the … Continue reading

Posted in Online Fraud | Leave a comment

All malware researchers love strings. They allow us to gain valuable insights into the possible behavior of the sample being investigated. Even IT professionals, who do not research malware professionally, can make good use of these clues. Here’s a quick … Continue reading

Posted in Online Fraud | Leave a comment

Unpacking Rustock.C is a challenging task. If you are tired of boring crosswords or Sudoku puzzles and feel like your brain needs a real exercise, think about reversing Rustock.C – satisfaction (or dissatisfaction, depending on the result) is guaranteed. Rustock.C … Continue reading

Posted in Online Fraud | Leave a comment

Another open source fuzzing toolkit update was released today, the “Peach Fuzzing Platform v2.0”. Fuzz. As in Peach. Ha! Anyways, how does fuzzing affect the security of one’s computer? Directly, it does not. Indirectly, it does. Fuzzing an application or service … Continue reading

Posted in Online Fraud | Leave a comment

Several interesting surges in malware activity are showing up today. The most highly propagated that we are seeing is a large increase in the past 24 hours of an old friend that’s been labelled “Trojan.Agent”. The filename that we are … Continue reading

Posted in Online Fraud | Leave a comment

I came across another headline that needs some clarification. The Firefox effort doesn’t really deserve this one: “Firefox add-on infected with Trojan”. The language pack add-on in particular, vietnamese_language_pack-2.0-fx-win.xpi, was not infected with a trojan. We inspected some of the … Continue reading

Posted in Online Fraud | Leave a comment

Unfortunately, targeted computer attacks commonly occur. This morning’s NPR show exposed such problems in regards to activists and journalists in China. Sadly, not much data is public about these sorts of attacks and it would be easy to speculate that … Continue reading

Posted in Online Fraud | Leave a comment

Some media attention has been given to the circulation of a number of malicious files found on gnutella networks accessed by LimeWire users. As always, please use caution when participating in these sorts of networks. Anytime files are shared amongst … Continue reading

Posted in Online Fraud | 1 Comment

2008 continues to live up to the title “The Year of Rogueware”. So far this year, bots, worms and viruses all seem to live in the shadow of this type of activity. Users are actually trying to run this constantly … Continue reading

Posted in Online Fraud | 6 Comments

A new variant of Kraken (v317) demonstrates extremely stealthy memory techniques. This time, it dynamically decodes the chunks of code and data only when it needs them, leaving no traces behind that could be suitable for generic memory signatures. The … Continue reading

Posted in Online Fraud | Leave a comment

The AV industry was busy this past week amongst the blooming tulips in Hoofddorp, the Netherlands. Both an AMTSO conference and a CARO workshop were held the last three days of the week. A large group of attendees arrived for … Continue reading

Posted in Online Fraud | 1 Comment

The new version of Storm that was first seen over the last weekend now sends a clear message that the Storm group is not ready to give up, in spite of recent reports that Microsoft has used the power of … Continue reading

Posted in Online Fraud | Leave a comment

According to some recent reports, there are cases when the toughest CAPTCHA puzzles are resolved in a matter of dozens of seconds. The new automated bots were blamed for auto-registering Windows Live Hotmail, Windows Live Mail, Google’s GMail, and Google’s … Continue reading

Posted in Online Fraud | Leave a comment

The previous post provided a snapshot of the Kraken code responsible for generating dynamic DNS names. As mentioned, those names are pseudo-random, as their original seed remains the same. The ThreatExpert system reports the list of DNS names, but … Continue reading

Posted in Online Fraud | Leave a comment

A new variant of the Kraken/Bobax bot, first seen in the wild on 14th April 2008, seems to be gaining a bit of power: over the last weekend, our ThreatExpert system received around 50 unique samples of it, and … Continue reading

Posted in Online Fraud | Leave a comment

Ok, I’m convinced, this group is falling apart. The Storm gang has splintered off into separate directions. Some appear to be teaming up with the same bunch of guys that distribute rogue antispyware. In this case, they are providing exploit-less … Continue reading

Posted in Online Fraud | 1 Comment

The Kraken bot, also known as Bobax, Bobic, Oderoor, Cotmonger, Hacktool.Spammer, is a template-based SPAM mailbot that was recently reported by Paul Royal, principal researcher at Atlanta-based security company Damballa (please read the reports here and here). At the ThreatExpert site, there … Continue reading

Posted in Online Fraud | Leave a comment

There was a new feature added to ThreatExpert reports that some researchers might find useful. Whenever ThreatExpert comes across a filename or a threatname in a report, it will check if that name was previously mentioned in other reports. If … Continue reading

Posted in Online Fraud | Leave a comment