Posts Tagged ‘spam’
July 28th, 2014

Phishing scam steals Finnish bank passwords, earns big money

Earlier this month, we told you about a spear phishing campaign specifically targeting banking customers in the Czech Republic, and now a similar scam is targeting bank customers in Finland.

Finnish banks warn their customers of phishing scheme.

This weekend, Aktia, Nordea, and Nooa Säästöpankki customers received text messages and emails informing them that their online banking services were being discontinued because of a payment in default. The message said the payment had to be made immediately to avoid this. The victims were then instructed to follow a link in the email where they could enter their ID and bank access codes including PIN. The victim was promised that a representative of online banking services would call to confirm after the payment was received.

So far, 500,000 euros has been stolen. Of course, there is no default payment and the whole thing is a hoax to earn cybercriminals money. Within the last month, 95 percent of the victims have been women, Detective Superintendent Jukkapekka Risu of the Helsinki Police told the Helsinki Times.

What you need to know to protect yourself

Do not click on links, download files, or open attachments in emails from unknown senders. Phishing websites often copy legitimate websites so they appear authentic. To be safe, call the bank to find out if they really sent that email to you.

Do not call the number in the email. It can easily be faked. Look up the real number of your bank and call using that.

Banks will not ask for customer names or IDs by email, text message, or phone. If you have fallen victim to the scam message and have volunteered information, please contact your bank immediately.

Protect your computer with a firewall, spam filters, antivirus and anti-spyware software. Both avast! Internet Security and avast! Premier have these important features. SafeZone is an additional security feature in avast! Pro Antivirus, avast! Internet Security and avast! Premier, which allows you to browse the web in a private, secure environment, invisible to the rest of your system. For example, if you do your banking online, you can be sure that your personal data cannot be monitored by spyware or key-logging software.

July 17th, 2014

Tinybanker Trojan targets banking customers

Tinba Trojan specifically targets bank customers with deceitful debt notice.

The Tinba Trojan is banking malware that uses a social engineering technique called spear phishing to target its victims. Recently, targets have been banking customers in the Czech Republic, AVAST Software’s home country. Tinba, aka Tinybanker, was first reported in 2012, when it was active in Turkey. A whitepaper analyzing its functionality is available here (PDF). However, the spam campaigns against bank users in the Czech Republic are still going on and have become more intensive. Here is an example of what Czech customers recently found in their email inbox.

Czech version:

VÝZVA K ÚHRADĚ DLUŽNÉHO PLNĚNÍ PŘED PROVEDENÍM EXEKUCE

Soudní exekutor Mgr. Bednář, Richard, Exekutorský úřad Praha-2, IČ 51736937, se sídlem Kateřinská 13, 184 00 Praha 2
pověřený provedením exekuce: č.j. 10 EXE 197/2014 -17, na základě exekučního titulu: Příkaz č.j. 077209/2014-567/Čen/G V.vyř.,
vás ve smyslu §46 odst. 6 z. č. 120/2001 Sb. (exekuční řád) v platném znění vyzývá k splnění označených povinností, které ukládá exekuční titul, jakož i povinnosti uhradit náklady na nařízení exekuce a odměnu soudního exekutora, stejně ták, jako zálohu na náklady exekuce a odměnu soudního exekutora:

Peněžitý nárok oprávněného včetně nákladu k dnešnímu dni: 9 027,00 Kč
Záloha na odměnu exekutora (peněžité plnění): 1 167,00 Kč včetně DPH 21%
Náklady exekuce paušálem: 4 616,00 Kč včetně DPH 21%

Pro splnění veškerých povinností  je třeba uhradit na účet soudního exekutora (č.ú. 549410655/5000, variabilní symbol 82797754, ČSOB a.s.), ve lhůtě 15 dnů od
doručení této výzvy 14 810,00 Kč

Nebude-li  uvedená částka uhrazena ve lhůtě 15 dnů od doručení této výzvy, bude i provedena exekuce majetku a/nebo zablokován bankovní účet  povinného ve smyslu § 44a odst. 1 EŘ a podle § 47 odst. 4 EŘ. Až do okamžiku splnění povinnosti.

Příkaz k úhradě, vyrozumění o zahájení exekuce  a vypučet povinnosti najdete v přiložených souborech.

Za správnost vyhotovení Alexey Mishkel

 

English translation:

Distraint notice
———————
Bailiff [Academic title] [First name] [Last name], Distraint office Prague-2 ID: 51736937 at Katerinska 13, 184 00 Prague 2 was authorized to proceed the execution 10 EXE 197/2014 -17 based on execution Order 077209/2014-567/Cen/G according to §46 paragraph 4, 120/2001 law collection in valid form which impose you to pay these costs:

Debt amount: 9,027.00 CZK ($445.00)
Distraint reward: 1,167 including 21% TAX
Fixed costs: 4,616 CZK including 21% TAX
Total: 14,810 CZK ($730.00)

To bank account 549410655/5000, variable symbol 82797754, CSOB a.s.

For the correctness of the copy warrants Alexey Mishkel

Using the spear phishing social engineering tactic, the attackers attempt to scare their victims with a specially designed email message explaining that there exists a debt which needs to be paid.

Read more…

April 23rd, 2014

Facebook is spring cleaning your News Feed

Facebook spam blocks relevant News Feed posts

Spam blocks news Facebook users want to see

Last year, Facebook had the dubious honor of containing more spam than other social networks.

In order to combat this scourge, Facebook recently announced a series of improvements to the News Feed to help ensure that spammy content does not drown out the posts that people really want to see from friends and Pages they care about.

“The goal of this spring cleaning is to deliver the right content to the right people at the right time so they don’t miss the stories that are important and relevant to them,” said Facebook.

The clean-up targets three areas: Like-baiting, frequently shared content, and spammy links.

Like-baiting is one of the sneakiest scams on Facebook. It’s when a post explicitly asks readers to like, comment, or share the post in order to increase the number of likes and/or shares; in other words, to “Go Viral.” As we have described in previous posts, the page usually collects the likes, then sells it to the highest bidder to re-purpose for new annoying posts and scams.

Facebook uses this cute animal survey image to illustrate what it considers to be like-baiting. The text asks the reader what their favorite animal is, with pictures asking for likes, comments, and shares.

Facebook found that there was an over-abundance of frequently shared content.

Read more…

November 7th, 2012

Just in case… before you pay (!)

The phishing scam creators are really getting creative. Of course, one could question their targeting in this case. The Czech Republic is known for our quite lenient view of laws and rules and – especially – the need to pay (or the lack thereof) any fines, especially when imposed by the so-called municipal police. Who would bother… Hence, an email urging you to pay a fine is normally filed directly into the ‘round file’, also known as the trash. Well, in this case… there actually might be a good reason to look at this closely ;) Read more…

October 8th, 2012

Russian Odnoklassniki spamming

Recently, we’ve noticed that there are too many legitimate domains popping up in our URL filters with malware. At first we thought we had a huge false-positive (FP) problem, but after analysis we found a pattern.

All of the referring links came from the Russian Odnoklassniki server, which is a quite popular Russian social network. Users of that network are getting fake messages with links to photos.

Read more…

August 29th, 2012

avast! detects Facebook photo tagging malware

Photo and related article from http://mashable.com/2012/08/28/facebook-malware-photo-tag/

Have you received an email saying a friend tagged you in a photo on Facebook? Use extreme caution before clicking to see photos in the attachment. In a typical phish, cybercrooks are using a fake Facebook photo notification email designed to spread malware allowing them to gain control over Windows-based computers.

Avast Virus Lab detected the malware as Win32:Trojan-gen and added the definition to the database yesterday, so all avast! users are protected.

The email looks innocent enough with the familiar blue header and logo. Serious Facebookers may know that Facebook never sends you photos that you’ve been tagged in as attachments; rather they send links to the photos. Unfortunately, most of us are too busy to notice the difference.

Please share this warning with your Facebook friends, and recommend that they get avast! Free Antivirus, so they’ll always be protected. You can share avast! by clicking on our recommend avast! app here.

 

 

February 16th, 2012

Standard hacker tactics after Whitney Houston’s death

There seems to be a playbook of standard hacker tactics after a celebrity death or an event of worldwide interest like earthquakes or tsunamis.  Hours after the announcement of pop diva Whitney Houston’s death, scammers had already devised schemes to prey on fans seeking information – appearing to recycle those used after the deaths of Michael Jackson and Steve Jobs.

A Facebook message, claiming to link to a video of Whitney Houston’s autopsy, takes the user to a page with an embedded YouTube video. When the user tries to play it, a pop-up message appears instructing them to update their copy of Adobe’s Flash from a bogus site. The video scam has gone viral. Read more…

January 27th, 2012

Relative exposure to malware

If you work at an antivirus company, be sure that family members will soon ask you questions about computers and the latest malware. Sometimes, they will even send you some. The other day, I got an odd email from my cousin, soon followed by a similar note from my sister that contained this:

The two of them – completely unintentionally – sent me a personalized bit of spam/malware. This was quite nice. After all, there aren’t so many Lyles in the world and I thought it was really considerate of some malware writers to address me directly. So I asked Jan Sirmer in the AVAST Virus Lab to tell me about how it was done and the goal of this malware. Here are his comments: Read more…

October 13th, 2011

Profiling Facebook spammers

I’ve seen this happen many times, but this time I decided to get a screenshot of it. In a small box, Facebook recommends that I add a friend because we have friends in common… or I get a direct friend request from someone I don’t know. I click the profile to investigate and, indeed, we have several friends in common. But an instinct triggers that something isn’t quite right.

Example 1 – Notice:

  1. New profile
  2. No personal information other than “Single”
  3. Only 17 friends
  4. All 17 friends are male
  5. Only 1 photo, with a focal point of breasts and eyes (maybe I should have titled this post “Why men are easy targets for spammers”)

 

Read more…

June 2nd, 2011

Phishing email: The YouTube impostor

In 2010, AVAST noticed that the majority of malware infections were occurring via infected websites, rather than from malicious email, which had previously been the main culprit.

But good criminals go where they are least expected.

A couple weeks ago I posted an example of a type of phishing email that I’ve since learned is called ‘vishing’, as it uses voice (VoIP, telephone) as an agent in the scam process. (It reminds me of a public payphone I had to use in Mexico about 10 years ago, which billed me something around $80 for a five-minute call.) :) Read more…
