Symantec Blogs: Security Response

Candid Wueest | July 21st, 2009

Hopefully the readers of the Security Response Blogs are well aware of advance-fee fraud, which is also known as a 419 scam. A 419 scam typically pops up disguised as an email from some member of a royal family from a country far away, trying to transfer large amounts of money to you. The story used in the fraud schemes doesn’t vary much these days. However, these advance-fee scams have evolved and adapted to all of the new information sources that are available, including social networks. One such example was seen a couple of times at the beginning of June this year.

The scammer searched in Facebook for people who have highlighted the fact that they are disc jockeys. Since it is likely that such people usually want to be found and are proud to be DJs, it is quite easy for an attacker to create a very targeted user list for his scam. Simply browsing and comparing dedicated user interest groups can reveal all of the necessary information.

...
Candid Wueest | August 27th, 2008

I must admit that I was puzzled for a second when I saw an email with a suicide note as a subject line in my spam inbox. I wondered what product they might try to sell with that note or which drive-by download site might be hidden behind it. So, I opened it. The email was actually written like a real suicide note.

In the text of the message, a young Swiss guy explains that he has had enough with the world and that he has given up his painful fight against the Russian cyber-criminals. With some side notes, he explains that he had at least profited a little from their own tricks and was able to transfer some cash for himself from Swiss online banking accounts. Of course, he explains, all in the name of the greater good.

The mail then takes a tangent and tells a story about him catching his girlfriend red-handed with another guy, which finalized his decision of...

Candid Wueest | March 13th, 2008

There are hundreds of ready-for-use phishing kits available on the Internet. At the beginning of this month, a list with more than 400 links had been circulated on mailing lists and forums. Some kits are a compilation of different sophisticated scripts that can spoof many different brands at once and sometimes even bypass two-factor authentication schemes. However, the vast majority are simply archived copies of the original Web site, modified to include a small PHP script that will send the stolen credentials to an email account.

We know that not all phishers have a Ph.D. in the art of phishing; therefore, you can sometimes find some interesting and funny pieces of code in phishing kits found on the Internet. As Easter is coming up soon, I decided to compile a top five list of the funniest Easter eggs that I have seen in phishing kits lately.

In 5th place: Local image paths
Sometimes, phishers do not check if all links are converted correctly....

Candid Wueest | March 12th, 2008

We all know that you should back up your data periodically if you don't want to lose it in the case of an incident. This is not as trivial as it used to be. You might have some information stored remotely in online services. Most likely you will have an online email account and may want to have those emails archived on your local backup drive.

So I wasn't surprised when I saw an article last week on Jeff Atwood's blog about someone searching for a way to archive emails from Gmail. By the way, any IMAP client might be a good way. The sad part of the story was that the guy stumbled on a shareware tool called G-Archiver. After playing around with the software, he discovered that there is a hard-coded Gmail account with a password in this application. After doing some more analysis, it was evident that this tool does not only archive your emails locally, it will...

Candid Wueest | February 15th, 2008

It is surely of no surprise, especially to regular readers of our Weblog, that not only banks are targeted by phishing attacks, but nearly anything that can be scammed. We already commented on the rise in attacks targeting virtual worlds and especially massively multiplayer online role-playing games (MMORPGs) in earlier posts. The growing market for virtual currency and player accounts does attract new scammers. It’s the nature of things that if something becomes popular to use, it will also become popular to attack.

There was no exclamation of surprise then (a.k.a. Wow!) when I saw the latest phishing email for World of Warcraft. In general, it attempted to get a reaction from me by telling me that my account was temporarily suspended and that I need to log in to verify my details. Well actually, I would rather not log in to unlock my account but hey, it’s their story, not mine.

...

Candid Wueest | January 31st, 2008

Many people don’t like flashy advertisement banners on Web pages. But ads are a necessary thing for some pages to keep them free and help the owners pay their hosting fees. That might have been one of the reasons the bad guys thought of when using malicious banner ads as an attack vector. I’m not talking about the annoying banners that will overlay half of your screen so that you have to click them away manually. I’m talking about malicious ads, sometimes referred to as "malvertisement" or "badvertisement," which contain a malicious script or a hidden redirector. Most of the time it’s a Flash object that contains an obfuscated ActionScript which redirects the user to a malicious site after performing some user client checks. If the IP address of the requester falls into the desired geographic location and the IP address was not yet served, then it will be redirected to the bad site. This site can then either use one of the well known Web attacking toolkits to exploit a...

Candid Wueest | January 16th, 2008

It looks like I'm dead! In fact I might have already been dead for a couple of weeks without even realizing it. That's if I believe the emails I've received (I've received the same mail eight separate times and counting). No, it wasn't a death threat against security researchers. It's an email stating that there had been a nuclear accident in Switzerland and everything is now radioactive and contaminated. Since I live in Switzerland, I had a distinct feeling that there was something bogus about this message. Even if I wasn't living here, all of the grammatical mistakes and the absolute lack of umlauts in the message text where there should be some would have been my early clues that this was yet more spam.

...

Candid Wueest | October 17th, 2007

My girlfriend recently bought an mp3 player through eBay. The slim 8GB player, dubbed “MP3 Player” by the no-name brand vendor, reminded me of some other well known player – I… I… I just can’t remember the name. But, since it was offered at half the price of an iPod, we thought that it wasn’t such a bad deal and ordered it. Last week it was finally delivered and while checking it out I connected it through USB to my laptop. A moment later my Norton Internet Security informed me that the removable device was infected with Backdoor.Graybird. Using a hidden autorun.inf file the back door tried to infect the PC the player was connected to – if the user was careless enough to open the drive unprotected. ;-) Not that I believed that we would no longer see any Backdoor.Graybirds after the...

Candid Wueest | August 15th, 2007

Well, we all know that playing games can influence your real life, even if it’s just the lack of sleep you get from spending whole nights playing online games. But there’s more to it. There are several crucial points that have to be considered when running around virtual fields with your character. Unfortunately, as in life, some people don't play by the rules.

Sometimes those virtual worlds are not as peaceful as one might think or hope. You, or more precisely your avatar, might get blackmailed for protection money or bullied by others. Destruction of virtual goods can happen if you don’t pay. The discovery of weapons of mass destruction in Second Life confirms this point. (Yes, they do exist; search for “Jessie Massacre” if you don’t believe it.)

But, there are other entrapments to watch out for. We already reported on gold farming and the problem with in-game spam in a...

Candid Wueest | August 15th, 2007

Have you ever “ego-Googled” yourself? That is, looked yourself up on Google? Chances are, if you haven’t, others have. Your employer probably did it before hiring you, so it can’t be that bad, right? But are you really aware of all the information that is available online about you?

Nowadays, of course, one of the easiest ways to data-mine somebody is to look them up on the many social networking sites that have sprung up over the past few years. These sites are hugely popular and you find them for nearly every user group. You can find old buddies from school that you’ve lost touch with, connect with people that listen to the same music as you, or post your CV to attract a new employer.

For sure, they can be useful. And I admit that I, too, have used them several times. Sometimes it can even be very amusing. For example, I once received an email from a headhunter. Besides offering me a position, she complained she couldn’t reach me on my listed phone number: ++1 234 567 890. What...

Candid Wueest | May 27th, 2007

“Because that's where the money is” was apparently the reason given by Willie Sutton when asked why he kept robbing banks. Even though that statement may be correct, Willie Sutton never said it like this – as he explains in his book “Where the Money Was.” Still, it evolved into one of those urban myths, quoted many times. But there is an even better analogy to be made between the life of this bank robber from the 1940s and today’s online crime.

One of his nicknames was “The Actor,” which he gained after committing robberies in broad daylight, impersonating trusted personnel. He varied his disguise from telegraph messenger to maintenance man to policeman. He had realized that an acetylene torch was not the best way into a safe – it was much easier to abuse people’s trust, as no one really expected such assaults from within their own ranks. It was like an insider job, but without actually belonging to the team in the first place. Those old-school social engineering tricks are comparable...

Candid Wueest | March 12th, 2007

Recently, some people received quite a shock while doing their normal online banking business, as reported by Heise news. While browsing their bank’s Web site, they suddenly noticed that an international phone number and a country flag were integrated into the transaction page.

From that point on, the reaction of different users will vary. You might call me pessimistic, but I assume some people would not question it (if they noticed it at all), and would continue with their normal online banking transactions. The same people might also fall for general phishing email attacks. After all, user awareness is not yet universal.

Security-savvy users, however, would identify this as a phishing attack of some sort and stop their current online banking session immediately (after taking some screenshots, of course). They would then call up the bank to tell them that a new kind of phishing attack...

Candid Wueest | February 16th, 2007

Another Valentine’s Day has passed and everyone knows that there are certain guidelines that should be followed on this day of love. Over the years, I've developed a top three list of recommendations:
• Don’t forget Valentine’s Day.
• Don’t forget to get in touch with your loved ones.
• Don’t open any strange email attachments, not even if they seem to come from a secret admirer and have a special greeting card attached.

But after the stories I heard this year around Valentine’s Day, it appears I'll need to add new advice to my top three list. Apparently many people received a suspicious text message on their mobile phone this Valentine’s Day. The text message came from an online love message service, which lets you record a message onto a central voice recording machine that can be dialed into. The service then sends a timed SMS to your friend, who can collect the recorded message by calling a number. Of course you have to pay around US$ 4 per minute for...

Candid Wueest | February 7th, 2007

If you live in a German-speaking region, then you might have received one or two strange emails last month, which were unlike the huge amount of regular spam often seen. The first type of odd email came as multiple instances of alleged invoices, supposedly from local ISPs or other service providers, sent as email attachments. The disguised attachment had a .pdf.exe double extension and was not an invoice document at all, but a Downloader. Some people thought it was a scam asking for payment for a service that was never received (which was not true in this case), but even so the decision to immediately delete the email was the right choice.

At the end of January, another strange email made its rounds. This one claimed to come from the Bundeskriminalamt (BKA), the federal police in Germany. The email text mentioned charges against the user for downloading illegal movies and software and referred to the attachment as a fax form for statements that had to be completed as soon as...