Olympic SPAM arrives...
Apr 5, 2012 - "... Users dreaming of watching the closing ceremonies of the London 2012 Olympics live may find the said offer hard to resist as Visa Golden Space is supposedly inviting users to join a lottery for a chance to win a travel package for the said event. Note that the said offer is non-existent. We also spotted a malware that arrives as a file named Early Check-In 2012 London Olympics.doc. This file, detected as TROJ_ARTIEF.XPL, exploits the RTF Stack Buffer Overflow Vulnerability found in several versions of Microsoft Office components. If it’s successful, it drops several other malware on your system, which Trend Micro detects as TROJ_DROPHIN.A and TROJ_PHINDOLP.A. This is not the first scam that uses this event to get users clicking. As early as 2008, Trend Micro has spotted a spammed message purporting to be a lottery drawn by the London 2012 Olympics committee. In May 2011, we also reported on a spam campaign that used London 2012 Olympics as bait. In addition, our social engineering e-guide mentions seasons and events as jump off points used by crooks. Online deals that look like they’re too good to be true, suspicious email messages promoting great but non-existent offers are also some of the tools used to lure users. All these tactics may lead to you inadvertently giving out your personal information, or for malware to be downloaded on your computer. Your personal information is not worth the risk of a chance to win a non-existent chance to win a lottery. Before clicking on that email link, investigate."
Fake AT&T wireless bill links to malware
Apr 5, 2012 - "Large outbreaks of phony AT&T wireless emails* have been distributed in the last 2 days. The emails describe very large balances ($943 in example), that are sure to get aggravated customers clicking on the included links... Every link in the email leads to a different compromised site that has malware hidden inside. In the example below** this means 9 (!) different URLs – most emails with links to email limit themselves to one or two links.
The index.html file tries to exploit at least the following known vulnerabilities:
Libtiff integer overflow in Adobe Reader and Acrobat – CVE-2010-0188
Help Center URL Validation Vulnerability – CVE-2010-1885
Recipients who are unsure whether the email they have received is genuine or not (the malicious version is a very accurate copy) should mouse-over the links. Genuine emails from AT&T will include AT&T website links. For example the “att.com” link will be the same in both places that it appears in the email – unlike the malicious version which uses 2 very different URLs. The fully functional homepage of one of the compromised sites is shown below. For more information about compromised websites see Commtouch’s report*** compiled in association with StopBadware."
Verizon-themed SPAM emails lead to ZeuS
March 29, 2012
Edited by AplusWebMaster, 08 April 2012 - 07:09 AM.
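The mouse-over check described in the AT&T item above can be automated at a mail gateway or in triage. The following is an added example, not code from the quoted reports: it lists every link in an HTML body, flags links whose host is not the brand's domain or whose visible text names a different domain than the href, and counts distinct hosts. The names `LinkCollector`, `host_of`, `same_site` and `audit_links` are hypothetical, and the sample body with its `.example` hosts is constructed.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urlsplit

class LinkCollector(HTMLParser):  # collects (href, visible text) per <a>
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href") or "", []
    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None

def host_of(value):  # lower-cased host of a URL or bare domain, minus "www."
    url = value.strip() if "://" in value else "http://" + value.strip()
    try:
        host = (urlsplit(url).hostname or "").lower()
    except ValueError:  # malformed netloc
        return ""
    return host[4:] if host.startswith("www.") else host
def same_site(host, domain):
    return host == domain or host.endswith("." + domain)
# Visible link text that itself reads as a domain or URL, e.g. "att.com".
DOMAIN_TEXT = re.compile(r"^(?:https?://)?(?:[a-z0-9-]+\.)+[a-z]{2,}(?:/\S*)?$", re.I)

def audit_links(html, brand_domain):  # -> (findings, distinct host count)
    parser = LinkCollector()
    parser.feed(html)
    findings, hosts = [], set()
    for href, text in parser.links:
        host = host_of(href)
        if not host:  # relative or fragment-only link
            continue
        hosts.add(host)
        if not same_site(host, brand_domain):
            findings.append(("off-brand", text, host))
        if DOMAIN_TEXT.match(text) and not same_site(host, host_of(text)):
            findings.append(("text-mismatch", text, host))
    return findings, len(hosts)

SAMPLE = ('<a href="http://site-one.example/index.html">att.com</a>'
          '<a href="http://site-two.example/index.html">View bill</a>'
          '<a href="http://www.att.com/">att.com</a>')  # constructed sample body
```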