Fake Netflix Cancellation - phish
June 5, 2014 - "Message purporting to be from video streaming service Netflix claims that, due to a payment issue, your account will be cancelled unless you click a link and update credit card details. The message is a phishing scam and Netflix did -not- send it. Clicking the link will take you to a fake Netflix website that asks for login credentials, credit card details, and other personal information. This information will be collected by criminals and used for credit card fraud and identity theft. Example:
Like many other users, you may have recently received an account cancellation message claiming to be from online video streaming service Netflix. The message claims that, because of a problem processing your credit card, you must click a link to update card details to keep your account active. However, the message is -not- from Netflix and you do -not- need to update credit card details as claimed. The message is a typical phishing scam..."
Fake email Fax msg - leads to malicious file on Dropbox
June 5, 2014 - "... new trojan distribution campaign by email with the subject “Fax Message at 2014-05-06 08:55:55 EST”. This email is sent from the spoofed address “Fax Message <message@ inbound .efax .com>” and has the following body:
The embedded URL leads to hxxps ://www .dropbox .com/meta_dl/**SHORTENED**
The downloaded ZIP file has the name Fax-932971.zip and contains the 146 kB large file Fax-932971.scr. The trojan is known as PE:Malware.XPACK-HIE/Heur!1.9C48. At the time of writing, only 1 of the 51* AV engines did detect the trojan at Virus Total so this is a potential risk. Use the Virus Total permalink* and Malwr permalink** for more detailed information..."
5/52 2014-06-09 01:05:06 http ://newsbrontima .com/hcgaryuo4nuf
4/52 2014-06-08 09:42:07 http ://newsbrontima .com/
6/52 2014-06-07 11:18:52 http ://newsbrontima .com/9j3yr9i7zw477
6/52 2014-06-07 11:18:45 http ://newsbrontima .com/a98n76ah7609y
6/52 2014-06-07 11:18:44 http ://newsbrontima .com/z7ekevxgm20zdz
Registrar URL: http://www.godaddy.com
Registrar Abuse Contact Email: firstname.lastname@example.org
Registrant Name: Registration Private - ?
Registrant Organization: Domains By Proxy, LLC
Registrant City: Scottsdale
Registrant State/Province: Arizona ..
efax Spam Containing Malware
> https://isc.sans.edu...Fax Message.PNG
Hacking Apple ID?
June 5, 2014 - "... Apple’s 2014 Worldwide Developers Conference (WWDC) this week was welcome news to the throngs of Apple developers and enthusiasts. It was also welcome news for another group of people with less than clean motives: cybercriminals... How could users recover from this attack? One way would be to restore a backup from iTunes. Unfortunately, many – perhaps even most – iPhone users are not particularly fastidious about backing up. One could try restoring from iCloud as well, but that would involve logging in with the user’s Apple ID account – which has been compromised by this very attack. As in any case where a user’s account has been compromised, recovery can be very difficult. We will likely see more attacks trying to steal Apple ID moving forward. For example, we can see routers** with malicious DNS settings being used in man-in-the-middle attacks to try and steal credentials. Phishing attacks may increase as well. The value of a stolen Apple ID can only go up as more and more information is placed in it by users... Our advice is similar to that for any other credential that needs to be protected:
- Don’t reuse your password.
- Use a secure password/passphrase.
- Enable security features like two-factor authentication, if possible.
To be fair, some of these steps are harder to perform on a mobile device than a desktop or laptop. Entering a long password may be hard without a password manager (like DirectPass*), for example. Despite this increased difficulty, it has to be done: it is now clear that mobile device credentials – like Apple ID – are a valuable target for cybercriminals..."
dedicatedpool .com.. spam or Joe Job?
5 June 2014 - "... received a number of spam emails mentioning a Bitcoin mining website dedicatedpool .com, subjects spotted are:
Subject: Bitcoins are around you - don't miss the train!
Subject: Dedicatedpool .com business proposal (Save up on taxes)
Subject: Make money with darkcoin and bitcoin now! ...
... the pattern of the spam looks like a Joe Job* rather than some horribly misguided attempt to market the website. There are several signs that make it look like someone is trying to cause trouble for the site operators:
1. The spam was sent repeatedly to a spamcop.net address, the type of address that would have a high probability of filing an abuse report. I call this a "reverse listwash".
2. The spam mentions the established dedicatedpool.com website repeatedly (rather than using some sort of redirector) but the originating IPs appear to be from an illegal botnet (see note 1). The use of a botnet indicates a malicious intent.
3. Spammers don't tend to include personal details of any sort in their messages, but the inclusion of "Ryan" (who does genuinely appear to be the administrator) seems suspicious.
In my opinion, the balance of probabilities is that this is not sent out by dedicatedpool .com themselves, but is sent out by someone wanting to disrupt their business.
Note 1: I have seen the following IPs as originating the spam..
Scammers bait users with FIFA Coins
June 4, 2014 - "To all gamers and enthusiasts of FIFA 14: Please be wary of sites claiming to generate coins for you for nothing. As the saying goes — If it sounds too good to be true, it probably is. Recently, we found one such site: fifa14cheats(dot)cheathacktool(dot)com.
Once visited, it asks for an email address, and then, if provided, lets users decide on how many coins they want handed to them.
After users press “Finish Hack”, they are then presented with a survey -scam- that, as we may already know, will eventually lead to zero coins. There are -still- users who do not know this and had to find out the hard way unfortunately..."
Edited by AplusWebMaster, 09 June 2014 - 05:23 AM.
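
The fake fax item above describes a ZIP (Fax-932971.zip) whose only member is a .scr executable that 1 of 51 AV engines flagged, which is the case an attachment-policy check catches without relying on signatures. The following is an added example, not part of the original post or any quoted source; the extension blocklist, the function names and the sample archives are assumptions constructed for illustration.

```python
import io
import zipfile
from pathlib import PurePosixPath

# Assumed blocklist of extensions Windows will execute; tune for your gateway.
RISKY_EXTENSIONS = {".scr", ".exe", ".pif", ".com", ".bat", ".cmd",
                    ".js", ".vbs", ".jar", ".lnk"}


def risky_members(zip_bytes):
    """Return (member_name, reason) pairs for entries a mail gateway should block."""
    try:
        archive = zipfile.ZipFile(io.BytesIO(zip_bytes))
    except zipfile.BadZipFile:
        return [("<archive>", "not a readable ZIP")]
    findings = []
    with archive:
        for info in archive.infolist():
            if info.is_dir():
                continue
            # Normalise separators; Windows also ignores trailing dots and spaces.
            name = info.filename.replace("\\", "/").rstrip(" .")
            suffixes = [s.lower() for s in PurePosixPath(name).suffixes]
            if info.flag_bits & 0x1:  # bit 0 of the ZIP flags marks encryption
                findings.append((name, "encrypted member, cannot be scanned"))
            if suffixes and suffixes[-1] in RISKY_EXTENSIONS:
                reason = "executable extension " + suffixes[-1]
                if len(suffixes) > 1:
                    reason += " hidden behind " + suffixes[-2]
                findings.append((name, reason))
    return findings


def build_sample_zip(names):
    """Build a constructed in-memory ZIP with placeholder content (no real malware)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as archive:
        for member in names:
            archive.writestr(member, b"constructed placeholder bytes")
    return buf.getvalue()


if __name__ == "__main__":
    # Member name taken from the post; the content is a harmless placeholder.
    for name, reason in risky_members(build_sample_zip(["Fax-932971.scr"])):
        print(name, "->", reason)
```
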