Trojan

“AOL Administration Center” spam comes from a spoofed email address; this is a classic example of Canadian Pharmacy spam.

Full text of the bogus email; the # in the subject line changes.

From: “AOL Administration Center (R)”
To:
Subject: AOL Administration Center Notification #73916

Hi,
You have 1 notification (#73916) from AOL Administration Center
Please follow the instructions to continue.
Thanks,
The AOL Mail Team

Click here to opt out of receiving future promotional e-mail messages from AOL or go to AOL Keyword:
Email Preferences and unsubscribe. This screen name cannot respond to replies.

Click here for other Important Information about Commercial E-mail from AOL or visit http://about.aol.com/email_information.
AOL Email, PO Box 65627, Sterling, VA 20165-8805.

——————————————
“UNIFORM TRAFFIC TICKET” spam has been around a while and continues to do the rounds. The email has an attached file which contains a malicious Trojan horse.
http://garwarner.blogspot.com/2011/08/new-york-city-uniform-traffic-ticket.html

Full text of the bogus email; the ID # in the subject line changes.

Date: Wed, 03 Aug 2011 12:42:23 +0530
From: “N.Y. State Department of Motor Vehicles”
To:
Subject: UNIFORM TRAFFIC TICKET (ID:89254305)

New York State Department of Motor Vehicles

UNIFORM TRAFFIC TICKET (ID:50385056),

POLICE AGENCY
NEW YORK STATE POLICE
Local Police Code 5278

THE PERSON DESCRIBED ABOVE IS CHARGED AS FOLLOWS

Time: 7:25 AM
Date of Offense: 10/10/2011
IN VIOLATION OF NYS V AND T LAW

9690 Description of Violation
SPEED OVER 55 ZONE
TO PLEAD, PRINT OUT THE ENCLOSED TICKET AND SEND IT TO TOWN COURT, CHATAM HALL., PO BOX 117


ACH ‘payment canceled’ spam

by certifiedbug on September 28, 2011

in Internet Security

Resurgence of malicious ACH spam; the number changes randomly from email to email.

Keep your anti-virus application up to date and, if the spam does arrive in your inbox, don’t click on links within it or open any attachment.

The bad guys’ goal is to install a Zbot variant, a password-stealing Trojan that also contains backdoor functionality. In other words, the criminal gains unauthorized access to and control of the infected computer.

Reference:
http://garwarner.blogspot.com/2011/05/ach-spammer-switches-to-shortened-urls.html

http://labs.m86security.com/tag/malicious-spam/

——————————————

Security researchers at Trend Labs have acquired the first sample of code; it includes “Anti-Rapport: A built-in option to evade Rapport Trusteer software”. Rapport is a security application offered to customers of many banks as a defense against banking Trojans.
http://blog.trendmicro.com/spyeyezeus-toolkit-v1-3-05-beta/

A Closer Look at Rapport from Trusteer
29 April 2010
http://krebsonsecurity.com/2010/04/a-closer-look-at-rapport-from-trusteer/

Mergers and Acquisitions in the Malware Space
26 Oct 2010
http://www.symantec.com/connect/blogs/mergers-and-acquisitions-malware-space


Internet Crime Complaint Center (IC3)

Recent FBI analysis reveals that cyber criminals engaging in ACH/wire transfer fraud have targeted businesses by responding via e-mail to employment opportunities posted online. Recently, more than $150,000 was stolen from a US business via unauthorized wire transfer as a result of an e-mail the business received that contained malware. The malware was embedded in an e-mail response to a job posting the business placed on an employment website and allowed the attacker to obtain the online banking credentials of the person who was authorized to conduct financial transactions within the company. The malicious actor changed the account settings to allow the sending of wire transfers, one to the Ukraine and two to domestic accounts. The malware was identified as a Bredolab variant, svrwsc.exe. This malware was connected to the ZeuS/Zbot Trojan, which is commonly used by cyber criminals to defraud US businesses.

The FBI recommends that potential employers remain vigilant in opening the e-mails of prospective employees. Running a virus scan prior to opening any e-mail attachments may provide an added layer of security against this type of attack. The FBI also recommends that businesses use separate computer systems to conduct financial transactions.

http://www.ic3.gov/media/2011/110119.aspx


Manhattan U.S. Attorney charges 37 in ZeuS Banking Fraud

October 4, 2010

FBI Press Release, September 30, 2010. According to Complaints unsealed today in Manhattan federal court, the cyber-attacks began in Eastern Europe, and included the use of a malware known as the “Zeus Trojan,” which was typically sent as an apparently-benign e-mail to computers at small businesses and municipalities in the United States. Once the email [...]

Nineteen Arrested in £20 million ZeuS Banking Fraud

September 29, 2010

Officers arrested 15 men and four women aged between 23 and 47 on suspicion of the Computer Misuse Act, Proceeds of Crime Act and Fraud Act. Detective Chief Inspector Terry Wilson told the Mail that the Virtual Taskforce worked closely with several UK banks to gather the evidence and information needed to shut down the [...]


Zeus botnet vendor toolkit vulnerability

September 27, 2010

Security researcher Billy (BK) Rios has discovered a vulnerability in the Zeus botnet toolkit which would allow the command and control channels to be hijacked. The C&C channels send instructions and software updates to compromised computers which often number in the hundreds of thousands. In the spirit of responsible disclosure Rios attempted to inform the [...]


Malware targets Starcraft 2 Gamers

September 14, 2010

Microsoft Malware Protection Center: “Malware Plays Starcraft 2”. Starcraft 2 is gaining popularity not only for gamers but also for malware writers. We wrote about Starcraft almost two months ago when it was first released. Now, apparently, it is also being used as part of a social engineering technique by a downloader family called Harnig. [...]

Trojan horse may have contributed to 2008 Madrid aircrash

August 22, 2010

Graham Cluley’s blog: “Trojan horse suspected of contributing to 2008 Madrid aircrash”. Authorities investigating the 2008 Madrid air crash, which resulted in the deaths of 154 people, have discovered that a central computer system used to monitor technical problems in aircraft was infected with Trojan horses. The final report from crash investigators is not due [...]

Zeus (Zbot) Banking Trojan Attacks Visa, Master Card

July 14, 2010

Trusteer Press Release. NEW YORK, July 14, 2010 – Trusteer, the leading provider of secure browsing services, today announced that the Zeus (Zbot) financial malware is targeting online banking customers of 15 leading US financial institutions by exploiting two trusted credit card security programs. After users have initiated a secure online banking session, the Zeus Trojan [...]