Category Archives: Online Fraud

The Storm continues to fall, and while their Valentine’s Day message started early in January 2008, we see users continuing to fall for the sweet message of love. Tonight, we observed this site serving up malicious love from Flint, Michigan. …

What do you get when you put 40+ AV and software security experts together in a room with testing organizations? It sounds like a bad joke, but it happened for the first couple of days this week in Bilbao, Spain. …

Some things arrive way too early. This time, it’s the Storm worm. The Storm gang is starting early on the Valentine’s Day theme, and we are receiving emails from these affectionate souls, trying to deliver “withlove.exe”, and other malicious vday …

A new round of the FakeAlert family has been released this past weekend, the same family of rogueware components that Alex Eckelberry of Sunbelt has posted about. We are seeing a surge in hits for new components installed as “MultiMedia Software” …

If you are yet unaware, Microsoft pushed out another couple of security updates this month and posted about it in their new “Microsoft Vulnerability Research and Defense” blog. Microsoft started it a couple of weeks ago, providing lower-level technical …

One of the highest-hitting worms that ThreatFire encountered over the past week is a worm designed to target online game player logins by dropping a password stealer and rootkit components on infected systems. We previously blogged about the help.exe …

Yesterday, we were further analyzing an executable that we recently haven’t been seeing all that much of, tmpms45.exe. The filename is familiar, as sometimes various executables with that name are delivered by malicious emails or malicious web pages. Most often, …

As predicted in an earlier post, the slow cooker has been heating it up. Several years of the FBI’s efforts are resulting in more 2008 arrests related to botnets and cybercrime. Eleven people are indicted in this case, involving spam …

We are seeing a number of hits from binaries served up from Ukraine via web pages’ prompts from domains registered in China and hosted in the U.S. Now that’s international. These sites in Ukraine are linked to by servers …

In yesterday’s post, I mentioned that the ChaseNET forums have been shut down. The distribution links for their SharK project, Bifrost and Poison Ivy RAT (Trojan) suites also have been removed. These projects could arguably be described as “Remote Administration …

AV veteran Peter Ferrie of Symantec noticed that the VX scene he has been fighting for so long has been winding down. The scene’s virus writers are beginning to post their farewellz and shoutz on the 29A forums and others. …

In a post earlier this month, I presented steps for unpacking and restoring the IT/IAT of a suspicious BHO for analysis purposes. In that case, it was packed with a tool called “Upack”, otherwise known as the “Ultimate PE Packer” …

A “Strategy” thread was started on the DailyDave mail list by Dave himself, criticizing information warfare papers: “If you’re reading an information warfare book or paper you’ll invariably see a lot of: 1. Inane references to Sun Tzu (or, in some even …

What a generous way to bring in the new year. The Storm/Peacomm gang, the same group whose activities we presented at VB2007 and posted about previously, has not disappeared. The holidays brought a round of Christmas-themed spam, complete with a …

With one of the corniest titles you’ll see (Pinch authors Pinched), the Kaspersky blog in Russia stated that the original authors of the Pinch trojan have been arrested: “Today Nikolay Patrushev, head of the Federal Security Services, announced the results of …

Joining the bandwagon of future tellers, Cisco recently read the collective palm of malcode writers and cybercriminals everywhere and released what they saw in their annual security report. Seriously though, the report takes perspective on some pretty massive themes and …

In a previous post, I mentioned that we could use C code to analyze some shellcode currently being posted in the wild by malicious web site operators. These malicious websites are delivering malware by exploiting several Windows-based vulnerabilities. The …

Ok, this one is a bit late, but I don’t stop by the Merriam-Webster dictionary every day: W00t is the official word of the year. We have heard the w00ting that goes along with 0day and additional exploit releases from …

Here’s some favorite C that I use to reverse engineer shellcode that I collect from malicious files, malicious web sites and attacking network traffic:

```c
#include <stdio.h>

/* Paste the collected bytes here. On toolchains that map .data
 * non-executable the jump below faults before the payload runs; the
 * bytes then have to go into a mapping marked executable instead. */
unsigned char shellcode[] = "";

int main(void)
{
    void (*c)(void);
    printf("Shellcode it is!\n");
    c = (void (*)(void))shellcode; /* the post wrote *(int*)&c = shellcode, a 32-bit-only cast */
    c();
    return 0;
}
```
…
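The two shellcode posts above (the one on analyzing web-delivered shellcode with C code, and the favorite-C snippet) come down to the same step: get the collected bytes into memory and jump to them. What follows is an added example, not code from the blog or its author, that does this with two changes a practitioner would want. It first decodes the "%uXXXX"/"%XX" JavaScript-escaped form in which drive-by exploit pages of the period commonly carried their shellcode, and it then runs the bytes from an anonymous mapping that is made executable only after the copy, instead of calling into a writable .data array. The sample payload, the function names and the decoder's treatment of the escape format are assumptions of this example; the constructed sample bytes do nothing but return 42 to the caller.

```c
#define _GNU_SOURCE
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <unistd.h>
#include <sys/mman.h>

/* Constructed sample payload for this example, not shellcode from the
 * posts: "mov eax/w0, 42 ; ret" for the host CPU, written in the %uXXXX
 * form a heap-spray script would carry (16-bit units, low byte first). */
#if defined(__x86_64__) || defined(__i386__)
static const char SAMPLE_ESCAPED[] = "%u2ab8%u0000%uc300";
#elif defined(__aarch64__)
static const char SAMPLE_ESCAPED[] = "%u0540%u5280%u03c0%ud65f";
#else
static const char SAMPLE_ESCAPED[] = "";   /* no sample for this architecture */
#endif

static int hexval(int ch)
{
    if (ch >= '0' && ch <= '9') return ch - '0';
    if (ch >= 'a' && ch <= 'f') return ch - 'a' + 10;
    if (ch >= 'A' && ch <= 'F') return ch - 'A' + 10;
    return -1;
}

/* Decode a string of "%uXXXX" (one 16-bit unit, emitted low byte first,
 * the layout the browser's unescape() produces) and "%XX" escapes into
 * raw bytes. Returns the byte count, or -1 on malformed input or when
 * dst is too small. */
long decode_js_escapes(const char *src, unsigned char *dst, size_t dstlen)
{
    size_t n = 0;
    while (*src) {
        if (*src++ != '%') return -1;
        int width = 2;
        if (*src == 'u' || *src == 'U') { width = 4; src++; }
        unsigned value = 0;
        for (int i = 0; i < width; i++) {
            int h = hexval((unsigned char)src[i]);
            if (h < 0) return -1;            /* short or non-hex escape */
            value = (value << 4) | (unsigned)h;
        }
        src += width;
        if (n + (size_t)width / 2 > dstlen) return -1;
        dst[n++] = (unsigned char)(value & 0xff);
        if (width == 4) dst[n++] = (unsigned char)(value >> 8);
    }
    return (long)n;
}

/* Run `len` bytes of code from a fresh mapping that becomes executable
 * only after the copy (never writable and executable at once), and hand
 * back the integer the code returns in the usual register. Returns 0, or
 * -1 if the kernel refuses the mapping (noexec sandboxes, execmem denials). */
int run_shellcode(const unsigned char *code, size_t len, int *out)
{
    if (len == 0) return -1;
    size_t page = (size_t)sysconf(_SC_PAGESIZE);
    size_t maplen = (len + page - 1) / page * page;
    void *mem = mmap(NULL, maplen, PROT_READ | PROT_WRITE,
                     MAP_PRIVATE | MAP_ANONYMOUS, -1, 0);
    if (mem == MAP_FAILED) return -1;
    memcpy(mem, code, len);
    if (mprotect(mem, maplen, PROT_READ | PROT_EXEC) != 0) {
        munmap(mem, maplen);
        return -1;
    }
    __builtin___clear_cache((char *)mem, (char *)mem + len); /* ARM needs the i-cache flushed */
    int (*fn)(void) = (int (*)(void))mem;
    *out = fn();
    munmap(mem, maplen);
    return 0;
}

/* Decode then run. Returns the payload's return value, -1 if no
 * executable mapping could be made, -2 if the escape string is bad. */
int run_escaped(const char *escaped)
{
    unsigned char buf[4096];
    int result = 0;
    long n = decode_js_escapes(escaped, buf, sizeof buf);
    if (n < 0) return -2;
    if (run_shellcode(buf, (size_t)n, &result) != 0) return -1;
    return result;
}

int main(void)
{
    unsigned char buf[4096];
    long n = decode_js_escapes(SAMPLE_ESCAPED, buf, sizeof buf);
    if (n <= 0) { fprintf(stderr, "nothing to run on this architecture\n"); return 1; }
    printf("decoded %ld bytes:", n);
    for (long i = 0; i < n; i++) printf(" %02x", buf[i]);
    printf("\n");
    int r = run_escaped(SAMPLE_ESCAPED);
    if (r == -1) { perror("executable mapping"); return 1; }
    printf("payload returned %d\n", r);
    return 0;
}
```

The harness runs whatever it is given with the analyst's own privileges, so a real payload belongs in a throwaway VM under a debugger, with a breakpoint on the first byte of the mapping; the decoder is useful on its own for dumping the bytes to disk before deciding whether to execute anything at all.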

While the Oak Ridge National Lab may be known for high tech research like analytical chemistry, neutron science, and providing technology and expertise to support national and homeland security needs, they also might become known for a recent breach of …

We are seeing a strong surge in the spread of a game password-stealing worm. A number of reports online have described the infection occurring when the user was copying files over a USB drive. The files that we are seeing …

Dave Aitel, founder of ImmunitySec, sometimes comments on Halvar Flake’s and Sabre Security (oops, I mean zynamics) projects. They speak at a lot of the same conferences. He just happened to be flying back from JFK when a few deep …

SecurityCompass just released a couple of open source Firefox plugins, currently in beta, that examine web site pages for XSS and SQL injection vulnerabilities: “Currently in their beta release stage, these open source (GPL v3) FireFox plug-ins search through web applications …

Two teen botnet herders that went by the aliases Akill and Digerati were arrested by the FBI and New Zealand authorities. “The FBI estimates that more than one million computers have been infected and puts the combined economic losses at more …

While the usual yearly predictions are coming out from large AV scanner vendors, here’s an interesting article containing an ex-CIA official’s statements on how many attacks occurred against the federal government in 2007 alone. The numbers are staggering, when considering …

Monday morning, Adam Thomas of the Sunbelt crew posted about a sick0 scheme to use the information from a shocking news story about the death of a girl to lure in new rogueware IeDefender victims. While we haven’t seen a …

This morning, we were observing a surge in hits from an Armadillo/SoftwarePassport-packed Rbot variant. It looks like this one might be distributed over a P2P network. AV scanner detection appears to be fairly spotty for now: When we are …

Online games have always had the problems of cheats, password stealers and bots. Volumes of information have been written on the topic, including Hoglund and McGraw’s published material. In response, game developers at studios like Blizzard Entertainment and Amped have …

In an interesting move, Microsoft is returning more drive-by exploitation functionality to their Internet Explorer browser: “Back in April 2006, we made a change to how Internet Explorer handled embedded controls used on some webpages. Some sites required users to “click …

We continue to see lots of triggers from files that appear to have names resembling image files. Be very careful with these sorts of files; here is an example filename that is causing problems in-the-wild (on users’ systems, or ITW): PHOTO3.JPEG-WWW.IMGUPLOAD.COM. …
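An added check for the filename trick in the post above (example code, not the blog's own). The name is built to read as an image while its real, final extension is something else, so the check does three things: flags any name that carries an image extension somewhere before its end, flags an executable final extension (.COM, the ending of the post's example, is one on Windows), and trusts the first bytes of the file over its name, since a PE executable starts with "MZ" whatever it is called. The sample names and header bytes are constructed for the example (one name is modelled on the post's PHOTO3.JPEG-WWW.IMGUPLOAD.COM, whose true ending the excerpt cuts off), and the extension lists and function names are this example's own.

```c
#include <stdio.h>
#include <string.h>
#include <ctype.h>

/* Extension lists are this example's assumptions, not an exhaustive set. */
static const char *IMAGE_EXTS[] = { ".jpg", ".jpeg", ".gif", ".png", ".bmp", NULL };
static const char *RISKY_EXTS[] = { ".exe", ".scr", ".com", ".pif", ".bat", ".cmd", NULL };

enum { NAME_DECOY = 1, EXEC_EXTENSION = 2, PE_MAGIC = 4 };

/* Case-insensitive substring search; Windows filenames are case-insensitive. */
static const char *find_nocase(const char *hay, const char *needle)
{
    size_t n = strlen(needle);
    for (; *hay; hay++) {
        size_t i = 0;
        while (i < n && hay[i] &&
               tolower((unsigned char)hay[i]) == tolower((unsigned char)needle[i]))
            i++;
        if (i == n) return hay;
    }
    return NULL;
}

static int ends_with_nocase(const char *s, const char *suf)
{
    size_t ls = strlen(s), lf = strlen(suf);
    if (lf > ls) return 0;
    const char *p = s + ls - lf;
    for (size_t i = 0; i < lf; i++)
        if (tolower((unsigned char)p[i]) != tolower((unsigned char)suf[i])) return 0;
    return 1;
}

/* 1 if an image extension appears in the name but is NOT where the name
 * ends ("photo.jpg.exe", "PHOTO3.JPEG-WWW..."), 0 otherwise. */
int image_name_is_decoy(const char *name)
{
    for (int i = 0; IMAGE_EXTS[i]; i++) {
        const char *p = name;
        while ((p = find_nocase(p, IMAGE_EXTS[i])) != NULL) {
            if (p[strlen(IMAGE_EXTS[i])] != '\0') return 1; /* more name follows the "image" extension */
            p++;
        }
    }
    return 0;
}

/* Bitmask of NAME_DECOY, EXEC_EXTENSION and PE_MAGIC for a name plus the
 * first bytes of the file's content; 0 means nothing suspicious found. */
int classify_file(const char *name, const unsigned char *head, size_t head_len)
{
    int flags = 0;
    if (image_name_is_decoy(name)) flags |= NAME_DECOY;
    for (int i = 0; RISKY_EXTS[i]; i++)
        if (ends_with_nocase(name, RISKY_EXTS[i])) { flags |= EXEC_EXTENSION; break; }
    if (head_len >= 2 && head[0] == 'M' && head[1] == 'Z') flags |= PE_MAGIC;
    return flags;
}

int main(void)
{
    /* Constructed samples: a name modelled on the post's, a genuine-looking
     * JPEG header, and a PE simply renamed to look like a picture. */
    struct { const char *name; const unsigned char *head; size_t len; } samples[] = {
        { "PHOTO3.JPEG-WWW.IMGUPLOAD.COM", (const unsigned char *)"MZ\x90\x00", 4 },
        { "holiday.jpg",                   (const unsigned char *)"\xff\xd8\xff\xe0", 4 },
        { "cute.jpg",                      (const unsigned char *)"MZ", 2 },
    };
    for (size_t i = 0; i < sizeof samples / sizeof samples[0]; i++) {
        int f = classify_file(samples[i].name, samples[i].head, samples[i].len);
        printf("%-32s flags=%d%s%s%s\n", samples[i].name, f,
               (f & NAME_DECOY) ? " decoy-name" : "",
               (f & EXEC_EXTENSION) ? " exec-extension" : "",
               (f & PE_MAGIC) ? " PE-header" : "");
    }
    return 0;
}
```

The content check is the one that matters: a renamed executable passes both name rules, and Explorer's default of hiding known extensions is exactly what makes the padded name convincing, so a mail or download filter should read the magic bytes rather than trust the name at all.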