
 

3 Sept 2008

 

Latest Phishing Scams       

 

 

 

 

 

 

 

 

22 August 2008

Fake FedEx Email-Borne Malware Alert

 

Over the last 24 hours we have seen a large influx of a new email-borne malware campaign purporting to be a notification of non-delivery from FedEx.

 

The email alleges that you sent a package on July 25, but that it was not delivered because the recipient's address was incorrect when it was shipped. It then asks the user to print out a copy of the attached invoice (a .zip file which contains malware) and to collect a copy of the package at the FedEx Office (no office address is given, which should be one clear indicator that something is fishy about the email).

 

 

Sample subject lines that we have seen in our Threat Operations Center include:

 

You Have A Package!!!

Tracking N <fake tracking number>

 

 

Volumes have been high: we have seen over 21M of these fakes hit our systems within the last 24 hours, accounting for about 80% of all of the email-borne malware that we have seen over that same period.

 

At times like this we are reminded that although many of the large-scale malware campaigns that we now see are hosted on infected web sites, static malware distributed over email is still an active, viable tactic employed by cyber criminals.
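The indicators described in this alert (the two subject lines, the FedEx claim and the .zip "invoice") can be checked at a mail gateway. The following is an added example, not part of the original alert: the digits-only tracking number, the quarantine policy and all sample messages are assumptions constructed for illustration.

```python
import re
from email import message_from_string, policy
from email.message import EmailMessage

# Subject lines quoted in the alert; a digits-only tracking number is an assumption.
SUBJECT_PATTERNS = [
    re.compile(r"^\s*you have a package\s*!*\s*$", re.I),
    re.compile(r"^\s*tracking\s+n\W*\d[\d\s-]*$", re.I),
]
ZIP_TYPES = {"application/zip", "application/x-zip-compressed"}

def lure_indicators(raw: str) -> list[str]:
    """List which of the alert's indicators one RFC 5322 message shows."""
    msg = message_from_string(raw, policy=policy.default)
    hits = []
    if any(p.search(str(msg.get("Subject", ""))) for p in SUBJECT_PATTERNS):
        hits.append("subject")
    body = msg.get_body(preferencelist=("plain", "html"))
    text = body.get_content() if body is not None else ""
    if re.search(r"\bfedex\b", f"{msg.get('From', '')} {text}", re.I):
        hits.append("fedex-claim")
    for part in msg.iter_attachments():
        name = (part.get_filename() or "").lower()
        if name.endswith(".zip") or part.get_content_type() in ZIP_TYPES:
            hits.append("zip-attachment")
            break
    return hits

def should_quarantine(raw: str) -> bool:
    # Assumed policy: a zip attachment plus either text indicator is held for review.
    hits = lure_indicators(raw)
    return "zip-attachment" in hits and len(hits) >= 2

def sample(sender, subject, body, zip_name=None) -> str:
    """Build a constructed test message; the attachment bytes are a harmless stub."""
    m = EmailMessage()
    m["From"], m["To"], m["Subject"] = sender, "user@example.invalid", subject
    m.set_content(body)
    if zip_name:
        m.add_attachment(b"constructed stub", maintype="application",
                         subtype="zip", filename=zip_name)
    return m.as_string()

LURE = sample("FedEx <notice@example.invalid>", "You Have A Package!!!",
              "We could not deliver your package. Print the attached invoice.", "invoice.zip")
TRACK = sample("support@example.invalid", "Tracking N 4471903355",
               "Your FedEx parcel was not delivered.", "invoice.zip")
BENIGN = sample("colleague@example.invalid", "Lunch on Friday?", "Noon works for me.")
```

A subject or sender match alone is not treated as sufficient here, since genuine carrier notices share that wording; the archive attachment is what tips the message into review.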

 

 

 

July 15, 2008

 

Trojans Still Dominate

 

 

Early last week (on July 7, 2008 to be exact), Panda Security released their report on malware for the second quarter of 2008. As you may recall, for the first part of 2008, Trojans made the top of the list and it looks like they have dominated once again. The Panda report showed that Trojans made up 63 percent of all new malicious code found on computers, and coming in second was adware with 22.40 percent. If that piques your interest, keep reading for even more shocking news!

 

Panda said that banker Trojans and other specific types of worms seemed to be the most infectious. First of all, banker Trojans are considered to be the most dangerous type of infection in circulation as we speak. The most prevalent banker Trojans go by the names of Sinowal, Banbra and Bancos. Others with less activity (but that are still dangerous) include Dumador, SpyForms, Bandiv, PowerGrabber, Bankpatch, Briz, Snatch and Nuklus.

 

Like I said before, worms were also high on the list with 13.5 percent. Yes, Trojans are the most dangerous type of malware, but worms work in a way where one strain is responsible for thousands of infections. A few worms were found to have infected several computers, including Bagle.RP, Puce.E and Bagle.SP. Of course, there are several types of malware floating around these days, but at least you now have a few names to go by. Just giving you all a heads up. Stay safe out there, my friends!

 

Courtesy of Worldstart.com

 

 

 

 

July 10, 2009

 

Urban Legends

 

What, exactly, are urban legends? Urban legends are stories that are funny and/or contain horrifying content, and that may or may not be true. They spread quickly, and often have many different variants.

Most urban legends are false -- but some are true.

Email urban legends and email hoaxes (which are what we focus on here) usually tell recipients to forward the email to everyone they know. In fact, that's one of the tell-tale signs that you have a false urban legend or hoax!

 

 

 Find out more by clicking  Here

 

 

 

 

June 21, 2008

 

New Ransomware on the Loose

 

I'm sorry to be the one to break this to you, but I have some bad news on the security front today. Do you remember a few months ago when I wrote about ransomware? Ransomware is basically a virus that takes over your computer and demands that you pay the creator of the virus for a code that will bring your data back. Most of the time, viruses like that are more bark than bite. They're usually fixed rather quickly by antivirus companies that figure out the codes needed to unlock your data. Well, at least that was the case up until now.

 

Just last week, researchers at Kaspersky found a new ransomware virus that is on the loose and is very dangerous. The virus is called Gpcode.ak and it's a type of ransomware that has no fix as of yet. Gpcode.ak will infect your computer and encrypt all of your personal files with a 1024-bit security key. Kaspersky has said that it would take a supercomputer to figure out the code for this one.

 

People who are infected with Gpcode.ak will see a screen that says something like this: "Your files are encrypted with a RSA-1024 algorithm. To recover your files, you need to buy our decryptor. To buy our decrypting tool, contact us at ********@yahoo.com."

 

 

As I mentioned above, there is currently no fix for this virus, but if your computer becomes infected with it, you can help! Kaspersky is asking for anyone infected with the virus to contact them immediately. That way, they can use your experience to try and find a solution for this nasty virus.

Now, if you become infected, Kaspersky is asking you to do the following:

 

Contact the Kaspersky Lab using another computer connected to the Internet. Do not restart or power down the potentially infected machine.

E-mail Kaspersky at stopgpcode@kaspersky.com with the following information included:

  • Date and time of infection.
  • Everything done on the computer in the five minutes before the machine was infected, including programs executed and Web sites visited.

The Kaspersky Lab will then try to recover any encrypted data.

Kaspersky analysts are continuing to analyze the virus code in search of a way to decrypt the files without having the private key. Until a solution is found, it's recommended that your anti-malware programs are set to their maximum security and that extra care is taken while browsing the Internet and reading your e-mail. Until next time, stay safe out there, my friends!

 

 

Courtesy of Worldstart.com

