Sometimes, the use of simple scams and well-known brands are used to trick people into giving up login names and passwords. By making people aware of these scams, we can better protect against the hackers.
You don’t need any obfuscated scripts or blackhat SEO tricks. Sometimes it is as easy as creating a Google document and sending it to trusting users. Anyone can create a simple form without any checks and this can be as a link to docs.google.com. This form is seeded at social sites and via emails. The hackers then wait for responses from any visitors.
Scams involving bogus telephone callers tricking users into divulging private information or parting with money for useless software are not new. However, it is worth reminding people of how the crooks are updating their tricks to better protect the innocent.
We received some emails from our users telling us that they spoke with some guy from ‘Microsoft’ who called to tell them that their computer is badly infected with malware and need repairs. The ‘Microsoft’ guy convinces the victims to use Ammyy remote administrator software to allow the ‘Microsoft guy’ to repair the computer. Ammyy remote admin is legitimate non-malicious program but it is a really easy way for scammers to connect to the victims’ computers and convince them that they are helping.
The crooks then they try to force victims to buy support service. In the first call reported to us they offered a “cheaper” service for only $177.00 plus tax for lifetime support. In the second case, the price had gone up to €300 for 5 years support.
The biggest problem with phone call scams is that the only protection is a common sense. Antivirus can protect against malware from websites and downloads but no software can offer protection when victims allowed access to their computer and are tricked into to paying for fake ‘support & service’.
When we looked into the recent wave of WordPress site hacks, our investigation took two separate paths: uncovering the TimThumb vulnerability and the Black Hole Toolkit used to exploit it.
Now it is time to talk more in detail about what the Blackhole Toolkit is.
For starters, the Blackhole exploit kit is used to spreading malicious software to users through hacked legitimate sites. It was most likely made by Russia developers. The big clue for this is that operators can switch between Russia and English languages. The full version of this toolkit costs around $1500 on the black market. However, bargain hunters can find a stripped down version for the free online.
But, much more important than acquiring Blackhole is finding out how to get rid of it. More precisely, simply finding out if you have been infected. So, how can website owner recognize that his page was infected and has been blocked by an antivirus program because it is being misused as a redirector to site with Blackhole exploit kit? And how do they compromise your site?
Not all browser nets can catch the same phish. One Friday evening, just before I wanted to go home, I received an interesting email.
It contained sentences like “ We recently reviewed your account, and suspect that your PayPal account
may have been accessed by an unauthorized third party” and words like “protected“, “security” and “unauthorized“. Of course, at the end of the email, there were directions to click on a “Paypal” link to update information like login name and password.
I think most of you have probably heard about Google-images poisoning, but what is it?
More thorough technical information about this attack could be found on the Unmask Parasites blog or the ISC site. In this blog, we only tried to focus on the data from the avast! Community IQ database to show how big this attack was, and to look at how many domains are still infected — with their admins either unknowing or not paying much attention to their websites. Read more…
A normal part of using a computer is seeing the “Removable Device Inserted” announcement when plugging in a memory stick.
This is AutoRun, a really useful tool built into Microsoft operating systems. In addition to helping people pick the application for opening the new files, it is also a very common way of spreading malware. Did you know that AutoRun is a way for spreading around about two-thirds of current malware?