Q4-2013 McAfee Threat Report
Mar 10, 2014 - "... By the end of 2013, McAfee Labs saw the number of malicious signed binaries in our database -triple- to more than 8 million suspicious binaries. In the fourth quarter alone, McAfee Labs found more than 2.3 million new malicious signed applications, a 52 percent increase from the previous quarter. The practice of code signing software validates the identity of the developer who produced the code and ensures the code has not been tampered with since the issue of its digital certificate...
... Additional findings:
- Mobile malware. McAfee Labs collected 2.47 million new mobile samples in 2013, with 744,000 in the fourth quarter alone. Our mobile malware zoo of unique samples grew by an astounding 197 percent from the end of 2012.
- Ransomware. The volume of new ransomware samples rose by 1 million new samples for the year, doubling in number from Q4 2012 to Q4 2013.
- Suspicious URLs. McAfee Labs recorded a 70 percent increase in the number of suspect URLs in 2013.
- Malware proliferation. In 2013, McAfee Labs found 200 new malware samples every minute, or more than three new threats every second.
- Master boot record-related. McAfee Labs found 2.2 million new MBR-attacks in 2013.
The complete report is available here*."
Facebook scam: naked videos of friends - delivers Trojans instead
Mar 10, 2014 - "Bitdefender has discovered that more than 1,000 people have already been tricked into installing Trojan malware after clicking on a new Facebook scam that promises naked videos of their friends. The UK was the second most affected country by number of users and infections were also detected in France, Germany, Italy and Romania.
The scam, now spreading on the social network, can multiply itself by tagging users’ friends extremely quickly. To avoid detection, cybercriminals vary the scam messages by incorporating the names of Facebook friends alongside “private video,” “naked video” or “XXX private video”... To increase the infection rate, the malware has multiple installation possibilities. Besides the automated and quick drop on the computer or mobile device, it also multiplies itself when users -click- the -fake- Adobe Flash Player update. To make the scam more credible, cybercriminals faked the number of views of the adult video to show that over 2 million users have allegedly clicked on the infected YouTube link..."
Malware peddler tryouts: different exploit kits
Mar 10, 2014 - "Websense researchers* have been following several recent -email-spam- campaigns targeting users of popular services such as Skype and Evernote, and believe them to be initiated by the infamous ru:8080 gang, which has a history of similar spam runs impersonating legitimate Internet services such as Pinterest, Dropbox, etc. These latest campaigns start with -spoofed- emails purportedly alerting the recipients to a message/image they have received on Skype and Evernote, offering an embedded link that leads to compromised sites hosting an exploit kit. In the past, the aforementioned gang's preferred exploit kit was Blackhole, but with the arrest and prosecution of its creator... they have switched first to using the Magnitude, then the Angler and, finally, the Goon exploit kit. This group is currently focusing more on UK users, but targets US and German users as well... This gang typically pushes information-stealing trojans such as Cridex, Zeus GameOver, and click-fraud trojans like ZeroAccess onto the users, but they have also been known to deliver ransomware and worms. In these last few cases, the delivered malware is a Zeus variant that was initially detected by just a handful of commercial AV solutions..."
Fake gateway .gov .uk SPAM
10 Mar 2014 - "This -fake- spam from the UK Government Gateway comes with a malicious payload:
Date: Mon, 10 Mar 2014 12:04:21 +0100 [07:04:21 EDT]
From: gateway.confirmation@ gateway .gov .uk
Subject: Your Online Submission for Reference 485/GB3283519 Could not process
The submission for reference 485/GB3283519 was successfully received and was not
Check attached copy for more information.
This is an automatically generated email. Please do not reply as the email address is not
monitored for received mail.
Attached is a file GB3283519.zip which in turn contains a malicious executable GB10032014.pdf.scr which has an icon that makes it look like a PDF file. This has a VirusTotal detection rate of 7/50*. Automated analysis tools... show attempted downloads from i-softinc .com on 22.214.171.124 (MegaVelocity, Canada) and icamschat .com on 126.96.36.199 (Hosting Solutions International, US). I would recommend that you -block- traffic to the following IPs and domains:
icamschat .com "
MS Account 'Outlook Web Access' Phish ...
Mar 10, 2014 - "Email purporting to be from the Microsoft Account Team claims that recipients must click a link to upgrade their email account and set up Outlook Web Access. The email is -not- from Microsoft and the claim that users must click a link to upgrade their email accounts is a lie. The message is a phishing scam designed to trick users into sending their Microsoft account login details to criminals.
... the email is -not- from Microsoft and the claim that users must follow a link to upgrade their email account is untrue. Instead, the email is a criminal ruse designed to trick people into giving their Microsoft account details to cybercriminals. Those who fall for the trick and click one of the links as instructed will be taken to a -bogus- 'Microsoft' website that displays the following login form:
Once they have added their email address and password, victims will then be presented with a message claiming that their 'Outlook account was updated successfully'. Within a few seconds, they will be redirected to a genuine Microsoft website. Meanwhile, the criminals responsible for the phishing campaign can use the stolen credentials to hijack the real Microsoft accounts belonging to their victims. A 'Microsoft account' is the new name for what was previously known as a 'Windows Live ID.' The one set of login details can be used to access a number of Microsoft services, and are thus a valuable target for scammers..."
Edited by AplusWebMaster, Yesterday, 12:32 PM.
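
Added example (not part of the original post or the quoted advisories): the "Fake gateway .gov .uk SPAM" item above describes a zip attachment holding GB10032014.pdf.scr, an executable hidden behind a decoy document extension. The sketch below is a mail-gateway style check for that pattern; the extension lists, function names and the in-memory sample archive are assumptions constructed for illustration.

```python
import io
import zipfile

# Extensions Windows runs on double-click (assumed, non-exhaustive list).
EXECUTABLE_EXTS = {".scr", ".exe", ".com", ".pif", ".bat", ".cmd", ".js", ".vbs"}
# Extensions typically used as the decoy half of a double extension (assumed).
DECOY_EXTS = {".pdf", ".doc", ".docx", ".xls", ".xlsx", ".jpg", ".png", ".txt"}


def classify_member(name):
    """Return a finding dict for an executable member name, else None."""
    # Keep only the file name; drop trailing dots/spaces Windows would ignore.
    base = name.replace("\\", "/").rsplit("/", 1)[-1].rstrip(". ")
    # Strip padding spaces used to push the real extension out of view.
    parts = [p.strip() for p in base.lower().split(".")]
    if len(parts) < 2 or "." + parts[-1] not in EXECUTABLE_EXTS:
        return None
    decoy = None
    if len(parts) >= 3 and "." + parts[-2] in DECOY_EXTS:
        decoy = "." + parts[-2]
    return {"name": name, "real_ext": "." + parts[-1], "decoy_ext": decoy,
            "verdict": "masquerade" if decoy else "executable"}


def scan_zip(data):
    """List findings for every file member of a zip given as bytes."""
    findings = []
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        for info in zf.infolist():
            if info.is_dir():
                continue
            hit = classify_member(info.filename)
            if hit:
                findings.append(hit)
    return findings


def build_sample_zip():
    """Constructed sample: harmless bytes stored under the names being tested."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("GB10032014.pdf.scr", b"placeholder")    # name from the post
        zf.writestr("notes/readme.pdf", b"placeholder")      # benign document
        zf.writestr("invoice.pdf      .exe", b"placeholder") # space-padded variant
        zf.writestr("tools/setup.exe", b"placeholder")       # plain executable
    return buf.getvalue()


if __name__ == "__main__":
    for finding in scan_zip(build_sample_zip()):
        print(finding)
```

The check looks only at member names, so it does not replace content inspection: a renamed executable or a nested archive needs file-type detection on the bytes themselves.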