Archive for the ‘Email Scams’ Category

New and Dangerous Zeus Variant hitting users Bank Accounts

Wednesday, August 11th, 2010

A new and dangerous variant of the Zeus trojan has been discovered that uses a complex, highly skilled methodology to empty victims' bank accounts.

Primarily hitting the UK in the month of July, a new variant of Zeus is using web exploits, a money mule network and a highly skilled back-end command and control system to steal well over one million dollars from victims' bank accounts.

The new variant, dubbed Zeus version 3, now uses encryption via https to communicate with its command and control network. The initial exploits that infect users' systems are delivered through on-line advertising banner ads and legitimate websites that have been compromised.

Few anti-virus vendors are able to mitigate the attack, and most intrusion prevention systems will have a difficult time telling Zeus command and control traffic apart from legitimate https traffic because of the encryption being used.

Once user systems are compromised and under the control of the cyber-criminals, a network of “money mules” is used to transfer the funds out of the victims' accounts. Money mules are recruited by cyber-criminals posing as legitimate businesses that pay fees to the recruits for transferring funds.

This combination of web based exploits, encryption and the theft of small dollar amounts that stay under the radar of banks' anti-fraud systems makes this attack extremely dangerous.

There are ways to protect systems and users against this attack.

RiskAnalytics Cyber-RiskTools can actively block Zeus command and control activity in real time and escalate information on compromised systems to administrators in real time.

http://www.riskanalytics.com/cyberrisk.htm

FBI Warns of New Social Networking Scam

Wednesday, July 7th, 2010

The FBI is warning of e-mail and social networking accounts being compromised and used in a social engineering scam to swindle consumers. Portraying themselves as the victim, the hacker uses the victim’s account to send a notice to their contacts. The notice claims the victim is in immediate need of money due to being robbed of their credit cards, passport, money, and cell phone, leaving them stranded in London or some other location. Some claim they only have a few days to pay their hotel bill and promise to reimburse upon their return home. A sense of urgency to help their friend/contact may cause the recipient to fail to validate the claim, increasing the likelihood of them falling for this scam. If you receive a similar notice, you should always verify the information before sending any money.

PC malware targeting iTunes, iPad users

Monday, April 26th, 2010

Here’s a cute trick. Some PC owners are getting emails alerting them to a new version of iTunes that has been updated “…for best iPad performance, newer features and security.”

The email provides a link, asking recipients to download a “new” version of iTunes. You see where this is going, of course. Those who follow through actually download a counterfeit version of iTunes which contains malicious code that opens up a backdoor allowing unauthorized access to a PC.

The code, called Backdoor.Bifrose.AADY, attempts to read the keys and serial numbers of the various software installed on the affected computer. It also logs the victim’s ICQ, Messenger and POP3 mail account password plus protected storage login.

Mac owners can rest easy. This Malware only hits on PCs.

Facebook Password Stealing Scam

Tuesday, March 23rd, 2010

Facebook warns over password reset scam

Facebook has taken the unusual step of warning users about a bogus password reset scam designed to trick victims into downloading a password-stealing Trojan.

Prospective marks are falsely told in widely distributed spam emails that their password has been changed because of a supposed security incident. Targets are invited to open an email attachment for more information. This email attachment, you’ll be unsurprised to learn, contains keystroke snaffling malware. Once bitten, every password a user enters onto an infected PC becomes compromised.

Facebook points out that it would never send users a new password in an email attachment.

Facebook use in corporate settings should be limited because of the potential for policy violations and malware infection. Koobface, for example, is malware that specifically targets Facebook users.

Counterfeit Check schemes via e-mail targeting US Law Firms

Thursday, January 21st, 2010

The FBI continues to receive reports of counterfeit check schemes targeting U.S. law firms.

In the most recent scenario, a fraudulent client seeking legal representation is an ex-wife “on assignment” in an Asian country. She claims to be pursuing a collection of divorce settlement monies from her ex-husband in the U.S. The law firm agrees to represent the ex-wife, sends an e-mail to the ex-husband, and receives a “certified” check for the settlement via delivery service. The ex-wife instructs the firm to wire the funds, less the retainer fee, to an overseas bank account. When the scam is executed successfully, the law firm wires the money before discovering the check is counterfeit.

All Internet users need to be cautious when they receive unsolicited e-mails. Law firms are advised to conduct as much due diligence as possible before engaging in transactions with parties who are handling their business solely via e-mail, particularly those parties claiming to reside overseas.

Is your Google Email at Risk?

Thursday, January 21st, 2010

The code that was used to hack Gmail accounts in China is now publicly available on the Internet. Computer users throughout the world are being warned not to use Internet Explorer 6 until a patch can be developed.

The hack targets Internet Explorer 6, the browser that shipped with the Windows XP operating system, which is now dangerously compromised. Many users still use IE 6.

On Thursday, the code that was used to hack Gmail accounts in China, and that led Google to threaten to close shop there, was posted to a malware-analysis Web site. By Friday, a demonstration had appeared of just how easily the exploit can be used to gain complete control over a computer.

The software is intended to let security professionals test for security threats via penetration testing. Such testing is beneficial for discovering security holes.

Microsoft has yet to patch the hole in IE 6, a flaw so serious it’s prompted the German government to suggest citizens avoid IE. Microsoft has posted a security advisory detailing the problem, and urging users to upgrade to newer browsers.

Domain name extension opens fresh opportunities for cyber-crime

Friday, January 8th, 2010

The introduction of Internet addresses in non-Roman scripts could offer fresh opportunities to cyber-criminals, experts have warned.

The Internet Corporation for Assigned Names and Numbers (ICANN) will for the first time accept Internet domain names in non-Roman scripts.

The new internationalized domain names will open up the Internet as never before to users whose native language does not use the Roman alphabet. But Roman-reading users face a possible deluge of phishing and e-mail scams.

To a Roman-reading eye, an e-mail containing a link to one of these look-alike sites might appear genuine, while to a Russian-reading eye, “paypal”, for example, reads as “raural”. An e-mail link could thus lead to a clone site constructed by unscrupulous thieves, who could then use it to harvest personal and financial details, or to steal cash.

At present, most e-mail phishing does not use anything that resembles the real site name. We could see the level of sophistication in phishing attacks increase with the use of foreign scripts.
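The look-alike problem above can be checked mechanically before a link is trusted. The following is an added example (not code from the original post or from any vendor named here): it decodes punycode hostnames, flags labels that mix scripts, and flags labels built mostly from Cyrillic letters that render like Latin ones. The look-alike table and the 80% threshold are assumptions chosen for this example.

```python
import unicodedata

# Cyrillic lowercase letters that render like Latin letters in common fonts.
# Constructed, deliberately small table for this example; a production check
# would use the full Unicode confusables data (UTS #39) instead.
CYRILLIC_LOOKALIKES = {
    "\u0430": "a", "\u0435": "e", "\u043e": "o", "\u0440": "p", "\u0441": "c",
    "\u0443": "y", "\u0445": "x", "\u0456": "i", "\u0458": "j", "\u0455": "s",
}
# Assumed threshold: flag a label when at least 80% of its non-Latin letters
# are Latin look-alikes (ordinary Russian words score far lower).
CONFUSABLE_RATIO = 0.8


def decode_idn(host: str) -> str:
    """Return the Unicode form of a hostname, decoding punycode (xn--) labels."""
    try:
        return host.encode("ascii").decode("idna")
    except UnicodeError:
        return host  # already Unicode (or malformed): inspect it as given


def letter_scripts(label: str) -> set:
    """Scripts used by the letters of one label, e.g. {'LATIN', 'CYRILLIC'}."""
    return {unicodedata.name(ch, "UNKNOWN").split(" ")[0]
            for ch in label if ch.isalpha()}


def check_homograph(host: str) -> dict:
    """Flag labels that mix scripts or are built mostly from Latin look-alikes."""
    unicode_host = decode_idn(host).lower()
    findings = []
    for label in unicode_host.split("."):
        scripts = letter_scripts(label)
        if len(scripts) > 1:
            findings.append(f"{label!r} mixes scripts {sorted(scripts)}")
        non_latin = [ch for ch in label if ch.isalpha() and not ch.isascii()]
        if non_latin:
            lookalikes = sum(ch in CYRILLIC_LOOKALIKES for ch in non_latin)
            if lookalikes / len(non_latin) >= CONFUSABLE_RATIO:
                skeleton = "".join(CYRILLIC_LOOKALIKES.get(ch, ch) for ch in label)
                findings.append(f"{label!r} reads as {skeleton!r} to a Latin eye")
    return {"host": unicode_host, "suspicious": bool(findings), "findings": findings}
```

A pure-Cyrillic "раурал" is flagged as reading like "paypaл", while a real Russian word such as "яндекс" is not, which is the caveat: the ratio, not the mere presence of Cyrillic, is what separates a clone from a legitimate internationalized name.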

H1N1 Email Phishing Scam

Friday, December 4th, 2009

The CDC has put out a warning for an H1N1 based e-mail phishing scam.

CDC has received reports of fraudulent emails (phishing) referencing a CDC sponsored State Vaccination Program for H1N1. The messages request that users create a personal H1N1 (swine flu) Vaccination Profile on the CDC.gov web site.

An example of the phishing email is below:

Users that click on the embedded link in the email are at risk of having malicious code installed on their system or having their personal information compromised.

RiskAnalytics reminds users to take the following steps to reduce the risk of being a victim of a phishing attack:

  • Do not open or respond to unsolicited email messages.
  • Do not click links embedded in emails from unknown senders.
  • Use caution when entering personal information online.
  • Update anti-virus, spyware, firewall, and anti-spam software regularly.

FBI Warns of New Spear Phishing Scam Targeting Law Firms and PR Firms

Wednesday, December 2nd, 2009

The FBI has issued a new alert warning law firms and public relations firms that hackers are using spear phishing e-mails to exploit U.S. law firms and public relations firms.  The specific intrusion vector used against the firms is a targeted socially engineered e-mail designed to compromise network security defenses. Hackers attach malicious files to the email message or include a link to the domain housing the malicious file and entice users to click the attachment or link.

The subject lines of the messages are typically crafted in such a way as to uniquely engage recipients with content appropriate to their specific business interests, making defense strategies difficult.  In addition to appearing to originate from a trusted source, the attachment name and message body are also crafted to associate with the same specific business interests.  Infection occurs once someone opens the attachment or clicks the link, which launches a self-executing malicious file.  Once executed, the malicious payload will attempt to download and execute the file ‘srhost.exe’ from the domain ‘http://d.ueopen.com’; e.g. http://d.ueopen.com/srhost.exe.

Any traffic associated with ‘ueopen.com’ should be considered an indication of an existing network compromise and addressed appropriately.   The malicious file does not necessarily appear as an ‘exe’ file in each incident.  On occasion, the self-executing file has appeared as other file types, e.g., ‘.zip’, ‘.jpeg’, etc.
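The alert says any traffic to ‘ueopen.com’ indicates compromise, so the practical follow-up is a sweep of proxy logs. The following is an added example (not part of the FBI alert or this blog's tooling) that scans a constructed proxy log for the domain, its subdomains and the named payload, using a proper suffix match so that a look-alike such as ueopen.com.example.net is not mistaken for a hit. The log format and sample lines are assumptions made for this example.

```python
import re
from urllib.parse import urlsplit

# Indicators taken from the FBI alert above.
C2_DOMAIN = "ueopen.com"
PAYLOAD_NAME = "srhost.exe"

# Constructed sample proxy log: epoch time, client IP, method, URL, HTTP status.
SAMPLE_LOG = """\
1259712001.123 10.0.0.12 GET http://www.example.org/index.html 200
1259712002.456 10.0.0.12 GET http://d.ueopen.com/srhost.exe 200
1259712003.789 10.0.0.17 GET http://ueopen.com.example.net/page 200
1259712004.012 10.0.0.21 GET http://UEOPEN.COM/update.jpeg 200
1259712005.345 10.0.0.33 CONNECT mail.example.org:443 200
"""

LINE_RE = re.compile(
    r"^(?P<ts>\S+)\s+(?P<client>\S+)\s+(?P<method>\S+)\s+(?P<url>\S+)\s+(?P<status>\d+)")


def parse_url(url: str):
    """urlsplit that also accepts the bare host:port form used by CONNECT."""
    return urlsplit(url if "://" in url else "//" + url)


def matches_domain(host: str, domain: str) -> bool:
    """True for the domain itself or any subdomain; a naive substring test
    would also (wrongly) match look-alikes such as ueopen.com.example.net."""
    return host == domain or host.endswith("." + domain)


def scan_proxy_log(text: str) -> list:
    """Return one record per log line that touches the C2 domain or payload."""
    hits = []
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        parts = parse_url(m["url"])
        host = (parts.hostname or "").lower()
        reasons = []
        if matches_domain(host, C2_DOMAIN):
            reasons.append("traffic to " + C2_DOMAIN)
        if parts.path.lower().endswith("/" + PAYLOAD_NAME):
            reasons.append("download of " + PAYLOAD_NAME)
        if reasons:
            hits.append({"client": m["client"], "host": host, "reasons": reasons})
    return hits
```

Because the alert notes the payload may arrive under another extension, the domain match is the reliable signal; the file-name match is only a bonus reason on a hit.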